gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service
GnuPG versions 2.1.12 - 2.2.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. enters an email address in the composer window...
GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability...
glibc: array overflow in backtrace functions for powerpc
An out-of-bounds write vulnerability was found in glibc when handling signal trampolines on PowerPC. The backtrace function did not properly check the array bounds when storing the frame address resulting in a denial of service or potential code execution. The highest threat from this vulnerabili...
glibc: use-after-free in glob() function when expanding ~user
A use-after-free vulnerability was found in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processe...
Moderate: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
ALSA-2020:4443 Moderate: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
EulerOS 2.0 SP2 : patch (EulerOS-SA-2020-2378)
According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and...
EulerOS 2.0 SP2 : binutils (EulerOS-SA-2020-2330)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php
Summary: IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities. Vulnerability Details: CVE-ID: CVE-2013-2207 Description: The GNU C Library...
openSUSE Security Update : binutils (openSUSE-2020-1804)
This update for binutils fixes the following issues : binutils was updated to version 2.35. (jsc#ECO-2373) Update to binutils 2.35 : - The assembler can now produce DWARF-5 format line number tables. - Readelf now has a 'lint' mode to enable extra checks of the files it is processing. - Readelf will...
EulerOS 2.0 SP5 : mailman (EulerOS-SA-2020-2291)
According to the version of the mailman package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted...
Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2020-2291)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2020-2256)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux 2 : glibc (ALAS-2020-1517)
The version of glibc installed on the remote host is prior to 2.26-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1517 advisory. In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IP...
Adtec Digital Products Hardcoded Credentials / Remote Root
Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...
Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Vulnerability
Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...
Huawei GaussDB Kernel Detection (Linux/Unix SSH Login)
SSH login-based detection of Huawei GaussDB Kernel.
A vulnerability in the libbfd library in the GNU Binutils development environment allows an attacker to cause a denial of service.
A vulnerability in the elf_read_notes function (elf.c) of the libbfd library in the GNU Binutils development environment is related to the allocation of resources without limits. Exploiting this vulnerability could allow an attacker to cause a denial of service...
Amazon Linux 2 : mailman (ALAS-2020-1536)
The version of mailman installed on the remote host is prior to 2.1.15-30. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1536 advisory. A cross-site scripting (XSS) vulnerability has been discovered in mailman due to the hostname field not being properly...