16973 matches found

Veracode
added 2021/08/12 2:0 p.m. · 43 views

Remote Code Execution (RCE)

GNU is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to an integer overflow that triggers an out-of-bounds heap write...

CVSS 7.8 · AI score 8.1 · EPSS 0.0415
Exploits: 1 · References: 6 · Affected Software: 1

BDU FSTEC
added 2021/08/12 12:0 a.m. · 4 views

The vulnerability of the GNU Aspell spell-checking program lies in its ability to write outside the field, allowing a hacker to execute arbitrary code.

The vulnerability of the GNU Aspell spell checker lies in its ability to be executed outside of the field. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00549
Exploits: 0 · References: 12 · Affected Software: 6

CNNVD
added 2021/08/12 12:0 a.m. · 4 views

GNU C Library Code Issue Vulnerability

The GNU C Library (glibc, libc6) is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in the GNU C Library (aka glibc) version 2.34 and earlier versions of librt, which stems from sysdeps/unix/sysv/linux/mq_notify.c incorrectly handling certain...

CVSS 7.5 · AI score 6.5 · EPSS 0.03045
Exploits: 1 · References: 11

UbuntuCve
added 2021/08/10 5:15 p.m. · 30 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS 6.1 · AI score 5.8 · EPSS 0.00727
Exploits: 0 · References: 3

CVE
added 2021/08/10 4:30 p.m. · 82 views

CVE-2021-32768

CVE-2021-32768 is a cross-site scripting vulnerability in TYPO3 where the frontend rendering of rich-text content can reflect malicious input due to HTMLparser not filtering all tag/attribute combinations by default. In typical scenarios, exploitation requires a valid backend user account, but if...

CVSS 6.1 · AI score 6 · EPSS 0.00727
Exploits: 0 · References: 2 · Affected Software: 1

OpenVAS
added 2021/08/09 12:0 a.m. · 16 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2295)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 8.8 · EPSS 0.02898
Exploits: 1 · References: 2

Positive Technologies
added 2021/08/09 12:0 a.m. · 4 views

PT-2021-3819 · Gnu +1 · Glibc +1

Name of the Vulnerable Software and Affected Versions: glibc versions through 2.34
Description: The issue is related to the mishandling of certain NOTIFY_REMOVED data in the sysdeps/unix/sysv/linux/mq_notify.c component of the GNU C Library (glibc), leading to a NULL pointer dereference. This can b...

CVSS 9.8 · AI score 6.7 · EPSS 0.04729
Exploits: 4 · References: 45

OSV
added 2021/08/08 12:15 a.m. · 1 views

DEBIAN-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

CVSS 7.8 · AI score 7.5 · EPSS 0.0415
Exploits: 1 · References: 1

Prion
added 2021/08/08 12:15 a.m. · 30 views

Integer overflow

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

CVSS 6.8 · AI score 7.9 · EPSS 0.0415
Exploits: 1 · References: 5 · Affected Software: 1

UbuntuCve
added 2021/08/08 12:15 a.m. · 33 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

CVSS 7.8 · AI score 7.1 · EPSS 0.0415
Exploits: 1 · References: 7

OSV
added 2021/08/08 12:15 a.m. · 3 views

UBUNTU-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

CVSS 7.8 · AI score 7.2 · EPSS 0.0415
Exploits: 1 · References: 8

Positive Technologies
added 2021/08/07 12:0 a.m. · 4 views

PT-2021-4457 · Gnu +10 · Gnu Cpio +10

Name of the Vulnerable Software and Affected Versions: GNU cpio versions 2.13 and earlier
Description: The issue is caused by an integer overflow in the dstring.c component of the GNU cpio package, specifically in the ds_fgetstr function. This overflow triggers an out-of-bounds heap write, allowi...

CVSS 7.8 · AI score 7.1 · EPSS 0.0415
Exploits: 6 · References: 87

CVE
added 2021/08/07 12:0 a.m. · 463 views

CVE-2021-38185

CVE-2021-38185 affects GNU cpio up to version 2.13. The issue is an integer overflow in ds_fgetstr() (dstring.c) that can trigger an out-of-bounds heap write via a crafted pattern file, potentially enabling arbitrary code execution. Public advisories from multiple vendors confirm patched releases...

CVSS 7.8 · AI score 8.1 · EPSS 0.0415
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2021/08/07 12:0 a.m. · 4 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

AI score 8.2 · EPSS 0.0415
Exploits: 1 · References: 5

Debian CVE
added 2021/08/07 12:0 a.m. · 49 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

CVSS 7.8 · AI score 7.5 · EPSS 0.0415
Exploits: 1

IBM Security Bulletins
added 2021/08/06 10:58 a.m. · 38 views

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software

Summary: GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs.
Vulnerability Details:
CVEID: CVE-2021-20294
DESCRIPTION: GNU Binutils is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the readelf...

CVSS 7.8 · AI score 7.7 · EPSS 0.03412
Exploits: 5 · Affected Software: 1

Ubuntu
added 2021/08/02 5:25 p.m. · 126 views

USN-5029-1: GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 · AI score 7.4 · EPSS 0.03751
Exploits: 1

OpenVAS
added 2021/08/02 12:0 a.m. · 21 views

Fedora: Security Advisory for mingw-exiv2 (FEDORA-2021-0b27f220bd)

The remote host is missing an update for the...

AI score 6.5
Exploits: 0 · References: 2

Tenable Nessus
added 2021/08/01 12:0 a.m. · 40 views

Debian DSA-4948-1 : aspell - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4948 advisory. A buffer overflow was discovered in the Aspell spell checker, which could result in the execution of arbitrary code. For the stable distribution (buster), these...

CVSS 9.1 · AI score 7.3 · EPSS 0.03259
Exploits: 0 · References: 8

OSV
added 2021/07/31 11:3 a.m. · 3 views

OESA-2021-1290 aspell security update

GNU Aspell is a spell checker intended to replace Ispell. It can be used as a library and spell checker. Its main feature is that it provides much better suggestions than other inspectors, including Ispell and Microsoft Word. It also has many other technical enhancements to Ispell, such as the us...

CVSS 9.1 · AI score 7.2 · EPSS 0.03259
Exploits: 0 · References: 2