GNU Screen: User-assisted execution of arbitrary code

Background GNU Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Description It was discovered that GNU screen did not properly handle certain UTF-8 character sequences. Impact A remote attacker could entice a user...

PT-2021-7938 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU binutils version 2.36 Description: An out of bounds flaw was found in the GNU binutils objdump utility. This issue is related to the avr elf32 load records from section function and can result in a crash or memory corruption if a large...

Oracle Linux 8 : mailman:2.1 (ELSA-2021-1751)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1751 advisory. 3:2.1.29-11 - Fixes for CVE-2020-12108 and CVE-2020-15011 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 8 : bash (ELSA-2021-1679)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1679 advisory. 4.4.19-14 - Fix hang when limit for nproc is very high Resolves: 1890888 4.4.19-13 - Correctly drop saved UID when effective UID is not equal to its real UID...

DEBIAN-CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

UBUNTU-CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly...

PT-2021-5558 · Gnu +7 · Glibc +7

Name of the Vulnerable Software and Affected Versions: glibc versions 2.32 and 2.33 Description: The issue is related to the mq notify function in the GNU C Library, which has a use-after-free problem. This occurs when the function uses the notification thread attributes object, passed through it...

GNU cflow Resource Management Error Vulnerability (CNVD-2021-36540)

GNU cflow is a flowchart generator for the GNU community that reads C source files and generates externally referenced flowcharts. A resource management error vulnerability exists in cflow version 1.6, which stems from the existence of a post-release use of the callchar name, int line function in...

Fedora: Security Advisory for dotnet5.0 (FEDORA-2021-721731dc86)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics

Summary GNU binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs by upgrading GNU binutils to latest version 2.36.1 Vulnerability Details CVEID: CVE-2021-20284 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a heap-based buff...

CVE-2021-3549

An Out of Bounds flaw was found in GNU binutils objdump utility. An attacker could use this flaw and pass a large section to avrelf32loadrecordsfromsection probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as syste...

GNU LibreDWG Heap Buffer Overflow Vulnerability

GNU LibreDWG is a C language library for working with DWG files from the GNU community. LibreDWG 0.10.1 suffers from a security vulnerability that originates from a buffer overflow vulnerability in the libredwg-0.10.1/src/decoder2007.c:666:5 heap. An attacker could exploit this vulnerability to...

glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding

A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability...

glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read

In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match...

Moderate: Red Hat Security Advisory: cpio security update

An update for cpio is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

cpio security update

An update is available for cpio. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cpio packages provide the GNU cpio utility for creating and extracting...

Moderate: cpio security update

The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fixes: cpio: improper input validation when writing tar header fields leads to unexpected tar generation CVE-2019-14866 For more details about the security...

GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2021-36635)

LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10.2641. An attacker can exploit this vulnerability via htmlescape ... /... /programs/escape.c:51 to exploit the vulnerability and cause a heap buffer overflow...