16973 matches found

Tenable Nessus
added 2021/02/04 12:0 a.m. | 70 views

Oracle Linux 7 : glibc (ELSA-2021-0348)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0348 advisory. - CVE-2020-10029: Prevent stack corruption from crafted input in cosl, sinl, sincosl, and tanl function. 1812119 - CVE-2020-29573: Harden printf family...

7.5 CVSS | 6.8 AI score | 0.03538 EPSS
Exploits: 1 | References: 4

IBM Security Bulletins
added 2021/02/02 10:11 p.m. | 79 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-20386 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory leak in the buttonopen function in...

9.8 CVSS | 0.9 AI score | 0.17939 EPSS
Exploits: 3 | Affected Software: 1

Kitploit
added 2021/02/02 8:30 p.m. | 50 views

Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes

Uroboros is a GNU/Linux monitoring tool focused on single processes. While utilities like top, ps and htop provide great overall details, they often lack useful temporal representation for specific processes. Such visual representation of the process data points can be used to profile, debug and...

6.8 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2021/02/02 12:12 p.m. | 2 views

glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding

A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability...

7.1 CVSS | 6.8 AI score | 0.03538 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2021/02/02 12:0 a.m. | 24 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-1135)

The remote host is missing an update for the Huawei EulerOS...

6.1 CVSS | 6.1 AI score | 0.01234 EPSS
Exploits: 6 | References: 2

ThreatPost
added 2021/02/01 4:59 p.m. | 161 views

Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...

0.1 AI score
Exploits: 0 | References: 16

The Hacker News
added 2021/02/01 7:14 a.m. | 49 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

0.9 AI score
Exploits: 0

The Hacker News
added 2021/02/01 7:14 a.m. | 6 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

6.5 AI score
Exploits: 0

OSV
added 2021/02/01 5:15 a.m. | 3 views

DEBIAN-CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

3.3 CVSS | 4.4 AI score | 0.00346 EPSS
Exploits: 1 | References: 1

OSV
added 2021/02/01 5:15 a.m. | 4 views

UBUNTU-CVE-2021-3349

DISPUTED GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution i...

3.3 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits: 1 | References: 5

NCSC
added 2021/02/01 12:0 a.m. | 3 views

Vulnerability fixed in Libgcrypt

A vulnerability has been fixed in Libgcrypt. The vulnerability allows a remote malicious person to execute arbitrary code under the user's privileges. The developers of GnuPG have released updates to fix the vulnerability. More information can be found at the page below:...

7 AI score
Exploits: 0

Positive Technologies
added 2021/02/01 12:0 a.m. | 5 views

PT-2021-20151 · Gnome +2 · Gnome Evolution +2

Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.38.3 and earlier Description: The issue arises when GNOME Evolution produces a "Valid signature" message for an unknown identifier on a previously trusted key. This occurs because Evolution does not retrieve enough...

3.3 CVSS | 6.5 AI score | 0.00346 EPSS
Exploits: 1 | References: 17

0day.today
added 2021/02/01 12:0 a.m. | 175 views

Sudo 1.9.5p1 - (Baron Samedit) Heap-Based Buffer Overflow Privilege Escalation Exploit (2)

Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities. Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit' Heap-Based Buffer Overflow Privilege Escalation 2 Authors and Contributors: cts, help from r4j, debug by nu11secur1ty Vendor: https://www.sudo.ws/...

7.8 CVSS | 8.8 AI score | 0.99305 EPSS
Exploits: 81

CNNVD
added 2021/02/01 12:0 a.m. | 7 views

GNOME Evolution Data Forgery Issue Vulnerability

GNOME Evolution is a suite of email client programs for the Gnome desktop environment for Linux. The program provides email, calendar, meeting scheduling, contact management, and other features. A data forgery issue vulnerability exists in GNOME Evolution through 3.38.3, which stems from Evolutio...

3.3 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits: 1 | References: 5

GithubExploit
added 2021/01/30 8:39 p.m. | 196 views

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 PoC Introduction This is an exploit for the...

7.8 CVSS | 7.7 AI score | 0.99305 EPSS
Exploits: 81

Kitploit
added 2021/01/30 8:30 p.m. | 138 views

PSC - E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward

DNS lookup and SSH session forwarded across an UART connection to a Pi PSC allows to e2e encrypt shell sessions, single- or multi-hop, being agnostic of the underlying transport, as long as it is reliable and can send/receive Base64 encoded data without modding/filtering. Along with the e2e pty...

7.1 AI score
Exploits: 0 | References: 1

CNVD
added 2021/01/29 12:0 a.m. | 10 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-07540)

Revive Adserver is an open source ad server under the GNU General Public License license with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in userlog-index.php in Revive Adserver...

6.1 CVSS | 6.2 AI score | 0.22064 EPSS
Exploits: 2 | References: 1

OpenVAS
added 2021/01/29 12:0 a.m. | 24 views

Oracle MySQL Server 5.6 <= 5.6.27 Security Update (cpujan2016) - Linux

Oracle MySQL Server is prone to an unspecified vulnerability...

4 CVSS | 7.3 AI score | 0.02801 EPSS
Exploits: 0 | References: 2

CNVD
added 2021/01/28 12:0 a.m. | 6 views

GNU C Library Denial of Service Vulnerability (CNVD-2021-26204)

The GNU C Library (glibc) is an open-source, free, easy-to-download C compiler released under the LGPL license. A denial of service vulnerability exists in GNU C Library version 2.32 and earlier. The vulnerability stems from the iconv function in the GNU C Library failing to assert and aborting a...

7.5 CVSS | 9.1 AI score | 0.03093 EPSS
Exploits: 0 | References: 1

NVD
added 2021/01/27 8:15 p.m. | 16 views

CVE-2021-3326

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service...

7.5 CVSS | 8.4 AI score | 0.03093 EPSS
Exploits: 0 | References: 8