16992 matches found
CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
Code injection
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
CVE-2019-1010024
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...
CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
Jumpserver bastion is vulnerable to logic flaws
Jumpserver is an open source bastion , using the GNU GPLv2.0 open source protocol , is in line with the 4A professional operations audit system . Jumpserver bastion machine has a logic flaw vulnerability that can be exploited by attackers to cause MFA secondary authentication can be bypassed...
CVE-2019-19126
On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...
CVE-2019-19126
CVE-2019-19126 affects glibc on x86-64 where LD_PREFER_MAP_32BIT_EXEC is not ignored after a security transition, enabling local attackers to bypass ASLR on setuid binaries by narrowing library address mappings. Public sources in Connected documents confirm the issue exists in glibc versions befo...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM WebSphere Cast Iron Solution (CVE-2015-8776)
Summary Open source GNU C library glibc vulnerability affects IBM WebSphere Cast Iron Solution. Vulnerability Details CVEID: CVE-2015-8776 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service. By passing out-of-range time values to the strftime function, a remote attacker could...
FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)
Sergey Poznyakoff reports : This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpiosafernamesuffix function ...
USN-4176-1: GNU cpio vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. CVEs contained in this USN...
Amazon Linux 2 : binutils (ALAS-2019-1358)
An issue was discovered in armpt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demanglearmhptemplate, demangleclassname, demanglefundtype, dotype, doarg,...
ALPINE-CVE-2019-18397
A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...
CVE-2019-18397
A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...
CVE-2019-18397
Summary (CVE-2019-18397) : A heap-based buffer overflow affects FriBidi up to version 1.0.7 in fribidi_get_par_embedding_levels_ex() (lib/fribidi-bidi.c). This can cause denial of service and, in some cases, arbitrary code execution when rendering crafted text with apps using FriBidi for bidirect...
openSUSE Security Update : gdb (openSUSE-2019-2493)
This update for gdb fixes the following issues : Update to gdb 8.3.1: jscECO-368 Security issues fixed : - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. bsc1142772 Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version librpm.so.3...
CVE-2019-17451
An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in bfddwarf2findnearestline in dwarf2.c, as demonstrated by nm...
CVE-2019-17450
findabstractinstance in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted ELF file...
[SECURITY] Fedora 30 Update: aspell-0.60.8-1.fc30
GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Its main feature is that it does a much better job of coming up with possible suggestions than just about any other spell checker out there for the English...
Fedora Update for community-mysql FEDORA-2019-c1fab3f139
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Linear eMerge E3 Access Controller Command Injection
Nortek Linear eMerge E3 Unauthenticated Remote Root Code Execution Metasploit by Gjoko 'LiquidWorm' Krstic Affected version: 'Linear eMerge E3 Access Controller Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller...