16992 matches found
Oracle Application / HTTP Server Detection (HTTP)
HTTP based detection of the Oracle Application Server (AS) or Oracle HTTP Server. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Medium: libidn2
Issue Overview: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. CVE-2019-18224 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it...
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Vulnerabilit
Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Product web page: https://www.inim.biz Link:...
USN-4218-1: GNU C Library vulnerability
Jakub Wilk discovered that GNU C Library incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-4218-1 eglibc vulnerability
Jakub Wilk discovered that GNU C Library incorrectly handled certain memory alignments. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
Inim Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials
Summary SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...
SYS.2.2.2.A21
The goal of module SYS.2.2.2 is the protection of information that is processed by and on Windows 8.1 clients. The core requirement Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
SYS.2.2.2.A7
The goal of module SYS.2.2.2 is the protection of information that is processed by and on Windows 8.1 clients. The standard requirement Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify...
[SECURITY] Fedora 30 Update: oniguruma-6.9.2-4.fc30
Oniguruma is a regular expressions library. The characteristic of this library is that a different character encoding can be specified for every regular expression object. Supported APIs: GNU regex, POSIX and Oniguruma native...
DEBIAN-CVE-2019-19602
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated...
[SECURITY] Fedora 31 Update: oniguruma-6.9.4-1.fc31
Oniguruma is a regular expressions library. The characteristic of this library is that a different character encoding can be specified for every regular expression object. Supported APIs: GNU regex, POSIX and Oniguruma native...
EulerOS 2.0 SP2 : binutils (EulerOS-SA-2019-2450)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++...
EulerOS 2.0 SP2 : tar (EulerOS-SA-2019-2423)
According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended...
EulerOS 2.0 SP2 : patch (EulerOS-SA-2019-2428)
According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff...
patch: do_ed_script in pch.c does not block strings beginning with a ! character
A flaw was found in GNU patch through version 2.7.6. Strings beginning with an exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
GnuPG Encryption Problem Vulnerability
GnuPG is an open source suite of cryptographic software from the GNU Project under the GNU General Public License. The software supports public key, symmetric encryption, hashing and other algorithms. A cryptographic issue vulnerability exists in versions of GnuPG prior to 2.2.18, which can be...
EulerOS Virtualization for ARM 64 3.0.3.0 : gettext (EulerOS-SA-2019-2320)
According to the version of the gettext packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to...
NewStart CGSL CORE 5.04 / MAIN 5.04 : patch Multiple Vulnerabilities (NS-SA-2019-0223)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by multiple vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style...
openSUSE: Security Advisory for cpio (openSUSE-SU-2019:2593-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...