PT-2021-6019

Name of the Vulnerable Software and Affected Versions GNU Mailman versions prior to 2.1.38 Description The issue is related to insufficient validation of the source of HTTP requests in GNU Mailman, allowing a remote attacker to force a victim to visit a special web page and perform arbitrary...

Debian: Security Advisory (DLA-2830-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2830-1] tar security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2830-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk November 28, 2021 https://wiki.debian.org/LTS -...

openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2021:1500-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

GNU gdbserver 9.2 - Remote Command Execution Exploit

Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested on: Ubuntu Linux...

GNU gdbserver 9.2 - Remote Command Execution (RCE)

Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Date: 2021-11-21 Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested...

Security Bulletin: Vulnerability in Bash (CVE-2019-18276) affects HMC

Summary GNU Bash is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-18276 DESCRIPTION: GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disableprivmode...

OESA-2021-1438 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input leading to a segmentation fault on 32-bit platforms.

...

Gcc C++filt 资源管理错误漏洞

Gcc C++filt is a filter from the Gnu community. It is used to disambiguate compiled C++ names. A resource management error vulnerability exists in GCC c++filt v2.26, which stems from the presence of a post-release use in the component cplus-dem.c. The vulnerability is caused by the presence of th...

Discourse < 2.7.10 Cache Poisoning Vulnerability

Discourse is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2021-2781)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2793)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2742)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : gcc (ELSA-2021-4386)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4386 advisory. - CVE-2018-12207 / Intel SKX102 OL8 gcc: Intel Mitigation for CVE: CVE-2018-12207 Tenable has extracted the preceding description block directly from the Oracle...

EulerOS Virtualization 2.9.1 : cpio (EulerOS-SA-2021-2749)

According to the versions of the cpio package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr intege...

EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2021-2793)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large...

Oracle Linux 8 : binutils (ELSA-2021-4364)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4364 advisory. 2.30-108.0.2 - Forward-port the following update: 2.30-93.0.4 - Backport fix for fencepost bug in CTF pptrtab usage causing coredumps - Backport test...

Oracle Linux 8 : glibc (ELSA-2021-4358)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4358 advisory. - CVE-2021-33574: Deep copy pthread attribute in mqnotify 1966472 - CVE-2021-35942: wordexp: handle overflow in positional parameter number 1979127 -...

openSUSE 15 Security Update : binutils (openSUSE-SU-2021:1475-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1475-1 advisory. Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME fo...