Denial Of Service (DoS)

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

Websvn 2.6.0 Remote Code Execution

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Date: 20/06/2021 Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE :...

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in GNU cpio (CVE-2019-14866)

Summary IBM Bootable Media Creator BoMC has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-14866 DESCRIPTION: GNU cpio could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to properly validate input files when...

Websvn 2.6.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE : CVE-2021-32305 import...

The vulnerability of the glibc library in the Aurora operating system, related to reading beyond the buffer in memory, allows a hacker to cause a service failure.

The vulnerability of the glibc library in the Aurora operating system is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

The vulnerability of the `glob` function in the glibc library of the Aurora operating system, related to the use of memory after it is freed, allows a hacker to increase their privileges and execute arbitrary code.

The vulnerability of the glob function in the glibc library of the Aurora operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

Fedora: Security Advisory for dotnet3.1 (FEDORA-2021-cb4f3ab817)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

PHPMailer < 6.5.0 RCE Vulnerability

PHPMailer is prone to a remote code execution RCE vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

MGASA-2021-0250 Updated gnuchess package fix a security vulnerability

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc. CVE-2021-30184...

F5 Networks BIG-IP : glibc vulnerability (K38481791)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.3 / 15.1.4 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K38481791 advisory. The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range...

SUSE SLES11 Security Update : mailman (SUSE-SU-2020:14423-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2020:14423-1 advisory. - GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. CVE-2020-15011 Note that Nessus has...

SUSE SLES11 Security Update : tar (SUSE-SU-2019:14215-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14215-1 advisory. - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of...

SUSE: Security Advisory (SUSE-SU-2016:2895-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0522-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:2913-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress visitors-app 0.3 Plugin - (user-agent) Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting XSS Exploit Author: Mesut Cetin Vendor Homepage: https://profiles.wordpress.org/domingoruiz/ Software Link: https://wordpress.org/plugins/visitors-app/ Version: 0.3 Tested on: Debian GNU/Linux 10 Reference...

SUSE: Security Advisory (SUSE-SU-2019:2902-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in standard C library affect IBM DataPower Gateways (CVE-2013-7423, CVE-2015-1781)

Summary IBM DataPower Gateways has addressed a vulnerability in the standard C library that it uses to access DNS. Vulnerability Details CVEID: CVE-2013-7423 DESCRIPTION: GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file...

Linux kernel post-release reuse vulnerability (CNVD-2021-43364)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A post-release reuse vulnerability exists in fs/iouring.c in Linux kernel versions prior to 5.8.2. An attacker could...

EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2021-1974)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy...