Lucene search
K

16992 matches found

OSV
OSV
added 2019/11/25 4:15 p.m.2 views

DEBIAN-CVE-2015-1396

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196...

7.5CVSS6.9AI score0.03223EPSS
Exploits0References1
Prion
Prion
added 2019/11/25 4:15 p.m.22 views

Directory traversal

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196...

6.4CVSS6.8AI score0.06096EPSS
Exploits1References4Affected Software2
CVE
CVE
added 2019/11/25 3:44 p.m.68 views

CVE-2015-1396

GNU patch before 2.7.4 is vulnerable to a directory-traversal via a symlink attack in a patch file, allowing remote write of arbitrary files. Root cause: incomplete fix for CVE-2015-1196. Affected: GNU patch (up to 2.7.3). Remediation: upgrade to 2.7.4 or later; no further details provided in the...

7.5CVSS6.2AI score0.03223EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2019/11/25 3:44 p.m.32 views

CVE-2015-1396

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196...

7.5CVSS6.5AI score0.03223EPSS
Exploits0
0day.today
0day.today
added 2019/11/22 12:0 a.m.160 views

GNU Mailutils 3.7 - Privilege Escalation Exploit

Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...

7.8CVSS0.4AI score0.01135EPSS
Exploits5
Fedora
Fedora
added 2019/11/21 2:2 a.m.49 views

[SECURITY] Fedora 29 Update: oniguruma-6.9.1-3.fc29

Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...

9.8CVSS3.2AI score0.04047EPSS
Exploits1
Fedora
Fedora
added 2019/11/21 12:56 a.m.39 views

[SECURITY] Fedora 30 Update: oniguruma-6.9.2-3.fc30

Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...

9.8CVSS3.2AI score0.04047EPSS
Exploits1
Packet Storm
Packet Storm
added 2019/11/21 12:0 a.m.412 views

GNU Mailutils 3.7 Privilege Escalation

Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...

4.6CVSS0.5AI score0.01135EPSS
Exploits5
CNVD
CNVD
added 2019/11/21 12:0 a.m.1 views

GNU Serveez Information Disclosure Vulnerability

GNU Serveez is a server framework. An information disclosure vulnerability exists in the httpcgiwrite function in http-cgi.c in GNU Serveez 0.2.2 and earlier. An attacker can exploit this vulnerability to obtain information by sending an HTTP POST request to the /cgi-bin/reader URI...

7.5CVSS6.3AI score0.01511EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2019/11/21 12:0 a.m.395 views

GNU Mailutils 3.7 - Privilege Escalation

Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...

7.8CVSS7.8AI score0.01135EPSS
Exploits5
OSV
OSV
added 2019/11/20 7:15 p.m.1 views

DEBIAN-CVE-2015-1606

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service invalid read and use-after-free via a crafted keyring file...

5.5CVSS5.9AI score0.01924EPSS
Exploits0References1
OSV
OSV
added 2019/11/20 1:15 p.m.3 views

CVE-2019-16200

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the...

7.5CVSS7.4AI score0.01511EPSS
Exploits1References1
NVD
NVD
added 2019/11/20 1:15 p.m.12 views

CVE-2019-16200

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the...

7.5CVSS7.5AI score0.01511EPSS
Exploits1References1
Prion
Prion
added 2019/11/20 1:15 p.m.11 views

Heap overflow

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the...

5CVSS7.5AI score0.01511EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/11/20 12:58 p.m.17 views

CVE-2019-16200

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the...

7.5AI score0.01511EPSS
Exploits1References1
CVE
CVE
added 2019/11/20 12:58 p.m.51 views

CVE-2019-16200

GNU Serveez 0.2.2 and earlier: information disclosure via HTTP POST to /cgi-bin/reader. A crafted Content-Length (positive value whose 32‑bit binary representation is negative) triggers a heap‑based over-read, with the code path in http_cgi_write (http-cgi.c) and potentially svz_envblock_add (lib...

7.5CVSS7.5AI score0.01511EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/11/20 12:0 a.m.1 views

GNU C Library ASLR Bypass Vulnerability

The GNU C Library glibc is an open-source, free, easy-to-download C compiler released under the LGPL license. An ASLR bypass vulnerability exists in GNU C Library glibc versions prior to 2.31 on the x86-64 architecture. The vulnerability stems from GNU C Library failing to ignore the...

3.3CVSS7.8AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2019/11/19 10:15 p.m.18 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

3.3CVSS4AI score0.00409EPSS
Exploits0References5
OSV
OSV
added 2019/11/19 10:15 p.m.38 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

3.3CVSS7.1AI score
Exploits0References5
OSV
OSV
added 2019/11/19 10:15 p.m.1 views

DEBIAN-CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

3.3CVSS6.5AI score0.00409EPSS
Exploits0References1
Rows per page
Query Builder