
16974 matches found

Veracode
added 2020/09/21 6:21 a.m. | 32 views

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service (DoS). An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name, d_encoding, and d_local_name in cp-demangle.c. Remot...

CVSS 5.5 | AI score 4.5 | EPSS 0.01686
Exploits 1 | References 3 | Affected Software 1

Veracode
added 2020/09/21 6:21 a.m. | 37 views

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service (DoS). An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of typ...

CVSS 5.5 | AI score 2 | EPSS 0.01802
Exploits 1 | References 8 | Affected Software 1

OSV
added 2020/09/17 5:41 p.m. | 3 views

USN-4516-1 gnupg2 vulnerability

It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to reve...

CVSS 7.5 | AI score 6.8 | EPSS 0.0105
Exploits 1 | References 2

RedhatCVE
added 2020/09/10 12:42 p.m. | 28 views

CVE-2020-24979

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none Mitigation This flaw...

AI score 6.4
Exploits 0 | References 3

Tenable Nessus
added 2020/09/10 12:0 a.m. | 146 views

GNU Bash Environment Variable Handling Code Injection (Shellshock)

The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via...

CVSS 10 | AI score 9.7 | EPSS 0.99999
Exploits 147 | References 7

OpenVAS
added 2020/09/08 12:0 a.m. | 17 views

Xpdf <= 4.02 Multiple DoS Vulnerabilities

Xpdf is prone to multiple denial of service (DoS) vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 7.8 | AI score 7.6 | EPSS 0.01055
Exploits 2 | References 2

OpenVAS
added 2020/09/08 12:0 a.m. | 25 views

Fedora: Security Advisory for golang (FEDORA-2020-a55f130272)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.1 | EPSS 0.04692
Exploits 0 | References 2

OpenVAS
added 2020/09/08 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for libidn2 (EulerOS-SA-2020-1976)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.03708
Exploits 1 | References 2

Tenable Nessus
added 2020/09/08 12:0 a.m. | 51 views

EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2020-1956)

According to the versions of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds write vulnerability was found in glibc when handling signal trampolines on PowerPC. The backtrace...

CVSS 8.1 | AI score 6.8 | EPSS 0.05223
Exploits 0 | References 3

CNVD
added 2020/09/07 12:0 a.m. | 3 views

GNU bison buffer overflow vulnerability

GNU Bison is free software for the automatic generation of syntax parser programs. A buffer overflow vulnerability exists in src/symtab.c in GNU bison 3.7.1.1-cb7dc-dirty. A local attacker can exploit this vulnerability via specially crafted input files to cause a system crash...

AI score 7.1
Exploits 0 | References 1

OSV
added 2020/09/04 3:15 p.m. | 1 views

ALPINE-CVE-2020-24659

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

CVSS 7.5 | AI score 7 | EPSS 0.0373
Exploits 1 | References 1

OSV
added 2020/09/03 6:15 p.m. | 1 views

ALPINE-CVE-2020-25125

GnuPG 2.2.21 and 2.2.22 and Gpg4win 3.1.12 has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG...

CVSS 7.8 | AI score 7.5 | EPSS 0.01283
Exploits 1 | References 1

RedHat Linux
added 2020/09/01 7:33 p.m. | 2 views

ansible: dnf module install packages with no GPG signature

A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...

CVSS 7.1 | AI score 7.3 | EPSS 0.00233
Exploits 0 | References 4

RedHat Linux
added 2020/09/01 7:32 p.m. | 1 views

ansible: dnf module install packages with no GPG signature

A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...

CVSS 7.1 | AI score 7.3 | EPSS 0.00233
Exploits 0 | References 4

CNVD
added 2020/09/01 12:0 a.m. | 3 views

GnuPG Arbitrary Code Execution Vulnerability

GnuPG is an open source suite of cryptographic software from the GNU Project under the GNU General Public License. The software supports public key, symmetric encryption, hashing and other algorithms. A security vulnerability exists in the Kleopatra component prior to version 3.1.12 and in GnuPG...

CVSS 8.8 | AI score 7.3 | EPSS 0.04719
Exploits 1 | References 1

OpenVAS
added 2020/08/31 12:0 a.m. | 25 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1849)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 8.1 | EPSS 0.05223
Exploits 0 | References 2

OpenVAS
added 2020/08/28 12:0 a.m. | 48 views

Quote of the Day (qotd) Service Detection (UDP)

UDP based detection of a Quote of the Day (qotd) service. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

AI score 7.3
Exploits 0

Tenable Nessus
added 2020/08/28 12:0 a.m. | 32 views

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2020-1849)

According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets tha...

CVSS 8.1 | AI score 7.9 | EPSS 0.05223
Exploits 0 | References 2

Cloud Foundry
added 2020/08/27 12:0 a.m. | 42 views

USN-4416-1: GNU C Library vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting...

CVSS 9.8 | AI score 8 | EPSS 0.074
Exploits 6 | Affected Software 2

RedhatCVE
added 2020/08/26 2:38 p.m. | 27 views

CVE-2020-24240

GNU Bison before 3.7.1 has a use-after-free in obstack_free in lib/obstack.c called from gram_lex when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...

CVSS 7.1 | AI score 0.9 | EPSS 0.01265
Exploits 0 | References 3