Lucene search
K

16992 matches found

UbuntuCve
UbuntuCve
added 2019/11/19 10:15 p.m.45 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

3.3CVSS6.8AI score0.00409EPSS
Exploits0References3
Prion
Prion
added 2019/11/19 10:15 p.m.25 views

Code injection

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

2.1CVSS5.5AI score0.00409EPSS
Exploits0References5Affected Software4
RedhatCVE
RedhatCVE
added 2019/11/19 11:7 a.m.21 views

CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

5.3CVSS5.6AI score0.0322EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/11/19 12:0 a.m.24 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

5AI score0.00409EPSS
Exploits0References5
CNVD
CNVD
added 2019/11/19 12:0 a.m.2 views

Jumpserver bastion is vulnerable to logic flaws

Jumpserver is an open source bastion , using the GNU GPLv2.0 open source protocol , is in line with the 4A professional operations audit system . Jumpserver bastion machine has a logic flaw vulnerability that can be exploited by attackers to cause MFA secondary authentication can be bypassed...

7.1AI score
Exploits0
Debian CVE
Debian CVE
added 2019/11/19 12:0 a.m.36 views

CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

3.3CVSS6AI score0.00409EPSS
Exploits0
CVE
CVE
added 2019/11/19 12:0 a.m.392 views

CVE-2019-19126

CVE-2019-19126 affects glibc on x86-64 where LD_PREFER_MAP_32BIT_EXEC is not ignored after a security transition, enabling local attackers to bypass ASLR on setuid binaries by narrowing library address mappings. Public sources in Connected documents confirm the issue exists in glibc versions befo...

3.3CVSS4.8AI score0.00409EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/18 1:57 p.m.42 views

Security Bulletin: GNU C library (glibc) vulnerability affects IBM WebSphere Cast Iron Solution (CVE-2015-8776)

Summary Open source GNU C library glibc vulnerability affects IBM WebSphere Cast Iron Solution. Vulnerability Details CVEID: CVE-2015-8776 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service. By passing out-of-range time values to the strftime function, a remote attacker could...

9.1CVSS0.5AI score0.04613EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/11/18 12:0 a.m.36 views

FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)

Sergey Poznyakoff reports : This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpiosafernamesuffix function ...

7.3CVSS6.6AI score0.05484EPSS
Exploits5References5
Cloud Foundry
Cloud Foundry
added 2019/11/18 12:0 a.m.35 views

USN-4176-1: GNU cpio vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. CVEs contained in this USN...

7.3CVSS7.2AI score0.00686EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/11/15 12:0 a.m.45 views

Amazon Linux 2 : binutils (ALAS-2019-1358)

An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname, demanglefundtype, dotype, doarg,...

7.8CVSS6.8AI score0.05229EPSS
Exploits3References4
OSV
OSV
added 2019/11/13 2:15 p.m.1 views

ALPINE-CVE-2019-18397

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

7.8CVSS8.2AI score0.02182EPSS
Exploits0References1
OSV
OSV
added 2019/11/13 2:15 p.m.21 views

CVE-2019-18397

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

7.8CVSS8.1AI score0.02182EPSS
Exploits0References10
CVE
CVE
added 2019/11/13 1:55 p.m.490 views

CVE-2019-18397

Summary (CVE-2019-18397) : A heap-based buffer overflow affects FriBidi up to version 1.0.7 in fribidi_get_par_embedding_levels_ex() (lib/fribidi-bidi.c). This can cause denial of service and, in some cases, arbitrary code execution when rendering crafted text with apps using FriBidi for bidirect...

7.8CVSS8AI score0.02182EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/11/13 12:0 a.m.25 views

openSUSE Security Update : gdb (openSUSE-2019-2493)

This update for gdb fixes the following issues : Update to gdb 8.3.1: jscECO-368 Security issues fixed : - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. bsc1142772 Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version librpm.so.3...

7.8CVSS6.9AI score0.02628EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2019/11/12 7:7 p.m.35 views

CVE-2019-17451

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in bfddwarf2findnearestline in dwarf2.c, as demonstrated by nm...

6.5CVSS3.2AI score0.02396EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2019/11/12 7:7 p.m.34 views

CVE-2019-17450

findabstractinstance in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted ELF file...

6.5CVSS5.1AI score0.02752EPSS
Exploits1References3
Fedora
Fedora
added 2019/11/12 2:8 a.m.12 views

[SECURITY] Fedora 30 Update: aspell-0.60.8-1.fc30

GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Its main feature is that it does a much better job of coming up with possible suggestions than just about any other spell checker out there for the English...

0.7AI score
Exploits0
OpenVAS
OpenVAS
added 2019/11/12 12:0 a.m.37 views

Fedora Update for community-mysql FEDORA-2019-c1fab3f139

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7CVSS6.6AI score0.04457EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.227 views

Linear eMerge E3 Access Controller Command Injection

Nortek Linear eMerge E3 Unauthenticated Remote Root Code Execution Metasploit by Gjoko 'LiquidWorm' Krstic Affected version: 'Linear eMerge E3 Access Controller Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller...

10CVSS0.8AI score0.97136EPSS
Exploits16
Rows per page
Query Builder