12 matches found
Astra Linux – Vulnerability in tidy-html5
A vulnerability in HTACG HTML Tidy v5.7.28 allows attackers to execute arbitrary code through the -g option of the CleanNode function in gdoc.c...
CLSA-2025-1763023946 Fix CVE(s): CVE-2020-35457
SECURITY UPDATE: Integer Overflow in g_option_group_add_entries - debian/patches/CVE-2020-35457.patch: goption: add a precondition to avoid GOptionEntry list overflow - CVE-2020-35457...
CLSA-2025-1758709468 glib2: Fix of CVE-2020-35457
CVE-2020-35457: fix integer overflow in g_option_group_add_entries to prevent potential out-of-bounds write - Bug775510: avoid calling Standard C string/array functions with NULL arguments...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the -g option of the CleanNode function. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit, GitHub Issue. Credit: bsdb0y...
NTP < 4.2.8p5 DoS Vulnerability
If ntpd is always started with the -g option, which is common and against long-standing recommendation, and if at the moment ntpd is restarted an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of...
DEBIAN-CVE-2015-5300
The panicgate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds...
Debian Security Advisory DSA 3388-1 (ntp - security update)
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote...
FreeBSD-SA-16:02.ntp
FreeBSD-SA-16:02.ntp Security Advisory, The FreeBSD Project. Topic: ntp panic threshold bypass vulnerability. Category: contrib. Module: ntp. Announced: 2016-01-14. Credits:...
Debian DSA-3388-1 : ntp - security update
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: - CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: - ntpd enabled remote...
DLA-335-1 ntp - security update
Bulletin has no description...
sudo: does not ask for password on GID changes
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
DEBIAN-CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...