CVE-1999-0199

manual/search.texi in the GNU C Library aka glibc before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999...

CVE-1999-0199

CVE-1999-0199 affects glibc prior to 2.2. The issue is a missing statement about the unspecified tdelete return value when deleting a tree’s root, which could let an attacker access a dangling pointer in affected applications. Affected: glibc before 2.2. Remediation: upgrade to a version with the...

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a GNU GRUB2 security vulnerability (CVE-2020-10713)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in GNU GRUB2 that could allow a local authenticated attacker to execute arbitrary code on the system. CVE-2020-10713 Vulnerability Details CVEID: CVE-2020-10713 Description: GNU GRUB2 could allow a local authenticated...

Security Bulletin: IBM Cloud Kubernetes Service is affected by a GNU GRUB2 security vulnerability (CVE-2020-10713)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in GNU GRUB2 that could allow a local authenticated attacker to execute arbitrary code on the system. CVE-2020-10713 Vulnerability Details CVEID: CVE-2020-10713 Description: GNU GRUB2 could allow a local authenticated...

Moderate: Red Hat Security Advisory: cpio security update

An update for cpio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Fedora: Security Advisory for ghc-hakyll (FEDORA-2020-c39d7a562c)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-2120)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : glibc (EulerOS-SA-2020-2019)

According to the version of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling...

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-2072)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2020-2091)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : bash (EulerOS-SA-2020-2081)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to...

EulerOS 2.0 SP3 : binutils (EulerOS-SA-2020-2072)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in dexpression1 in...

EulerOS 2.0 SP3 : patch (EulerOS-SA-2020-2120)

According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and...

The string component in the GNU C Library (aka glibc or libc6) through 2.28 when running on the x32 architecture incorrectly attempts to use a 64-bit register for size_t in assembly codes which can lead to a segmentation fault or possibly unspecified other impact as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.

...

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.

...

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.

...

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy() this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

...

ALPINE-CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disablegpgcheck is set to False, which is the default behavior. This flaw...

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service DoS. The getcount function in cplus-dem.c in GNU libiberty allows remote attackers to cause a denial of service malloc called with the result of an integer-overflowing calculation or possibly have unspecified other impact via a crafted string, as...

Denial Of Service (DoS)

binutils:bionic is vulnerable to Denial Of Service DoS. An issue was discovered in cp-demangle.c in GNU libiberty. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P' characters...