16982 matches found

Fedora
added 2020/04/27 4:48 a.m. · 31 views

[SECURITY] Fedora 31 Update: gnuchess-6.2.6-1.fc31

The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...

7.8 CVSS · 1.7 AI score · 0.01468 EPSS
Exploits 1
Fedora
added 2020/04/27 2:46 a.m. · 33 views

[SECURITY] Fedora 32 Update: gnuchess-6.2.6-1.fc32

The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...

7.8 CVSS · 1.7 AI score · 0.01468 EPSS
Exploits 1
BDU FSTEC
added 2020/04/27 12:0 a.m. · 4 views

The vulnerability of the utility for applying changes between different versions of the GNU patch text files (inp.c and util.c) arises from an incorrect definition of the reference before accessing the file. This allows a malicious actor to compromise the integrity of the data.

The vulnerability of the utility for applying changes between different versions of the GNU patch text files inp.c and util.c is related to an incorrect definition of the reference pointer before accessing the file. Exploiting this vulnerability could allow a remote attacker to compromise the...

7.1 CVSS · 6.6 AI score · 0.03927 EPSS
Exploits 0 · References 12 · Affected Software 5
CNVD
added 2020/04/26 12:0 a.m. · 1 views

GNU Mailman Cross-Site Scripting Vulnerability

GNU Mailman is a free suite of software from the GNU Project for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage e-mail subscription accounts and provides built-in archiving, automatic forwarding processing, conten...

6.1 CVSS · 8.2 AI score · 0.02288 EPSS
Exploits 0 · References 1
Prion
added 2020/04/24 1:15 p.m. · 19 views

Code injection

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

4.3 CVSS · 6.2 AI score · 0.02288 EPSS
Exploits 0 · References 11 · Affected Software 6
UbuntuCve
added 2020/04/24 1:15 p.m. · 30 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.1 CVSS · 6.7 AI score · 0.02288 EPSS
Exploits 0 · References 8
CVE
added 2020/04/24 12:37 p.m. · 304 views

CVE-2020-12137

CVE-2020-12137 affects GNU Mailman 2.x up to version 2.1.30. The root cause is using the .obj extension for scrubbed application/octet-stream MIME parts, which can trigger MIME sniffing and lead to XSS in list-archive visitors when HTTP replies lack a MIME type. The connected advisories indicate ...

6.1 CVSS · 6.1 AI score · 0.02288 EPSS
Exploits 0 · References 11 · Affected Software 1
Zero Science Lab
added 2020/04/24 12:0 a.m. · 91 views

Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution

Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...

10 CVSS · 8.2 AI score · 0.09876 EPSS
Exploits 5
Exploit DB
added 2020/04/24 12:0 a.m. · 802 views

Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Date: 2020-04-24 Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A !/usr/bin/env python3 -- coding: utf-8...

10 CVSS · 9.7 AI score · 0.09876 EPSS
Exploits 5
Positive Technologies
added 2020/04/24 12:0 a.m. · 3 views

PT-2020-3649 · Gnu +6 · Gnu Mailman +6

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions 2.x through 2.1.29 GNU Mailman version 2.1.30 is not affected, but all versions prior to 2.1.30 are vulnerable. Description: The issue is related to the handling of MIME parts in GNU Mailman, which may contribute to...

8.5 CVSS · 6.3 AI score · 0.02698 EPSS
Exploits 1 · References 80
Tenable Nessus
added 2020/04/24 12:0 a.m. · 89 views

Ubuntu 18.04 LTS : GNU binutils vulnerabilities (USN-4336-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4336-1 advisory. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a...

9.8 CVSS · 6.9 AI score · 0.0669 EPSS
Exploits 36 · References 44
BDU FSTEC
added 2020/04/23 12:0 a.m. · 3 views

The vulnerability of the “CSRF” cross-request mechanism in the GNU Privacy Guard (GnuPG) software for encrypting data and generating digital signatures allows attackers to carry out denial-of-service attacks.

The vulnerability of the “CSRF” mechanism used by the GNU Privacy Guard GnuPG software for encrypting data and generating digital signatures is related to deficiencies in the processing of authentication requests for applications. Exploiting this vulnerability can allow an attacker to carry out a...

6.8 CVSS · 6.7 AI score · 0.01041 EPSS
Exploits 1 · References 9 · Affected Software 7
Ubuntu
added 2020/04/22 11:40 a.m. · 179 views

USN-4336-1: GNU binutils vulnerabilities

It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8 CVSS · 6.5 AI score · 0.0669 EPSS
Exploits 36
OSV
added 2020/04/17 7:15 p.m. · 0 views

DEBIAN-CVE-2020-1751

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...

7 CVSS · 7.1 AI score · 0.00537 EPSS
Exploits 0 · References 1
OSV
added 2020/04/17 7:15 p.m. · 0 views

UBUNTU-CVE-2020-1751

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...

7 CVSS · 7.2 AI score · 0.00537 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2020/04/17 12:0 a.m. · 3 views

The vulnerability of the implementation of the HMAC-SHA-256 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out a “Lucky 13” attack and an attack that recovers the plaintext.

The vulnerability of the HMAC-SHA-256 mechanism implemented in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recovers the...

7.1 CVSS · 6.3 AI score · 0.03623 EPSS
Exploits 0 · References 8 · Affected Software 4
Tenable Nessus
added 2020/04/16 12:0 a.m. · 45 views

EulerOS Virtualization 3.0.2.2 : pcre (EulerOS-SA-2020-1485)

According to the version of the pcre packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library aka glibc or libc6 before 2.22 allows...

7.5 CVSS · 8.7 AI score · 0.04371 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2020/04/16 12:0 a.m. · 41 views

EulerOS Virtualization 3.0.2.2 : gettext (EulerOS-SA-2020-1469)

According to the version of the gettext packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid...

9.8 CVSS · 6.9 AI score · 0.04293 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2020/04/15 12:0 a.m. · 34 views

EulerOS 2.0 SP3 : screen (EulerOS-SA-2020-1433)

According to the version of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial o...

5 CVSS · 7.3 AI score · 0.04148 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2020/04/15 12:0 a.m. · 29 views

EulerOS 2.0 SP3 : gcc (EulerOS-SA-2020-1383)

According to the version of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The std::random_device class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking source...

5 CVSS · 7.4 AI score · 0.02941 EPSS
Exploits 0 · References 2