16973 matches found
OESA-2021-1090 screen security update
Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Security Fixes: encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly...
GNU Binutils buffer error vulnerability
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A heap buffer overflow vulnerability exists in `_bfd_elf_slurp_secondary_reloc_section` in elf.c in GNU Binutils version 2.35.1. The vulnerability stems fr...
Revive Adserver cross-site scripting vulnerability
Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the statsBreakdown parameter in stats.php ...
TYPO3 cross-site scripting vulnerability (CNVD-2021-22139)
TYPO3 is a free and open source content management system written in PHP under the GNU General Public License. A cross-site scripting vulnerability exists in the database field used as descriptionColumn in TYPO3 versions prior to 10.4.14, 11.1.1. No detailed vulnerability details are available at...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : GNU Screen vulnerability (USN-4747-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4747-1 advisory. Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause...
The vulnerability in the `default_add_message` function of the `read-catalog.c` file in the GNU project’s library, related to the internationalization of Gettext, allows a hacker to repeatedly release a memory area, enabling them to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the `default_add_message` function of the `read-catalog.c` file in the GNU project’s library is related to the repeated release of a memory area. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and even cause...
Fedora: Security Advisory for kernel-headers (FEDORA-2021-14f6642aa6)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
...
Fedora: Security Advisory for eog (FEDORA-2021-303f6623fa)
The remote host is missing an update for the...
Fedora: Security Advisory for libebml (FEDORA-2021-e283997bb9)
The remote host is missing an update for the...
Fedora: Security Advisory for plasma-workspace (FEDORA-2021-85c9774673)
The remote host is missing an update for the...
Fedora: Security Advisory for gnome-user-docs (FEDORA-2021-303f6623fa)
The remote host is missing an update for the...
Fedora: Security Advisory for kscreen (FEDORA-2021-85c9774673)
The remote host is missing an update for the...
CuteNews 2.1.2 Shell Upload
#!/usr/bin/env python3 Exploit Title: CuteNews 2.1.2 - Avatar upload RCE Authenticated Exploit Author: Mayank Deshmukh Date: 2021-03-17 Vendor Homepage: https://cutephp.com/ Software Link: https://cutephp.com/click.php?cutenewslatest Version: 2.1.2 CVE: CVE-2019-11447 CVE Reference:...
USN-4839-1: python-gnupg vulnerabilities
Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG...
UBUNTU-CVE-2021-20232
A flaw was found in gnutls. A use after free issue in `client_send_params` in `lib/ext/pre_shared_key.c` may lead to memory corruption and other potential consequences...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-1646)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-1590)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-20284
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in `_bfd_elf_slurp_secondary_reloc_section` in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...
NewStart CGSL MAIN 6.02 : binutils Multiple Vulnerabilities (NS-SA-2021-0090)
The remote NewStart CGSL host, running version MAIN 6.02, has binutils packages installed that are affected by multiple vulnerabilities: - `find_abstract_instance` in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a...