ROS-2-655

2.655 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...

openSUSE: Security Advisory for xerces-c (openSUSE-SU-2021:1231-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OESA-2021-1328 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

DEBIAN-CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

Code injection

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

UBUNTU-CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

GNU Inetutils数据伪造问题漏洞

GNU Inetutils is a common set of network programs in the GNU community. A security vulnerability exists in versions of GNU Inetutils prior to 2.2, which stems from a client not validating the addresses returned in a PASV/LSPV response to ensure that they match the server address...

CVE-2021-40491

CVE-2021-40491 affects GNU Inetutils before 2.2, where the FTP client does not validate addresses returned in PASV/LSPV responses against the server address, enabling potential address mismatch exploitation. The connected documents corroborate a related PASV-based risk in curl (CVE-2020-8284) and...

CVE-2021-40491

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...

PT-2021-22897 · Gnu +2 · Gnu Inetutils +2

Name of the Vulnerable Software and Affected Versions: GNU Inetutils versions prior to 2.2 Description: The issue concerns the ftp client in GNU Inetutils, which fails to validate addresses returned by PASV/LSPV responses, ensuring they match the server address. Recommendations: For GNU Inetutils...

Moxa Command Injection / Cross Site Scripting Vulnerabilities

======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage...

Moxa Command Injection / Cross Site Scripting / Vulnerable Software

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number:...

glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern

A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflo...

glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions

A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability...

OpenSSL: ECDSA Private Key Leak (CVE-2011-1945) - Linux

OpenSSL leaks ECDSA private key through a remote timing attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

Usermin 1.820 - Remote Code Execution (Authenticated) Exploit

Title: Usermin 1.820 - Remote Code Execution RCE Authenticated Author: Numan Türle Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: =1820 https://www.youtube.com/watch?v=wiRIWFAhz24 !/usr/bin/python3 -- coding: utf-8 -- Usermin - Remot...