16992 matches found
SUSE SLED15 / SLES15 Security Update : gdb (SUSE-SU-2019:2902-1)
This update for gdb fixes the following issues: Update to gdb 8.3.1 (jsc#ECO-368). Security issues fixed: CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file (bsc#1142772). Upgrade libipt from v2.0 to v2.0.1. Enable librpm for version librpm.so.3...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
USN-4176-1: GNU cpio vulnerability
Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue for privilege escalation...
libiberty: Memory leak in demangle_template function resulting in a denial of service
A vulnerability was found in the demangle_template function in GNU libiberty, as distributed in GNU Binutils, where a memory leak could occur. A specially crafted file could cause the application to consume excessive memory, potentially leading to a crash...
Low: Red Hat Security Advisory: gdb security, bug fix, and enhancement update
An update for gdb is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
glibc: getaddrinfo should reject IP addresses with trailing characters
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...
gnu-efi bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALBA-2019:3682 gnu-efi bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
UBUNTU-CVE-2013-4412
slim has NULL pointer dereference when using crypt method from glibc 2.17...
CVE-2018-7642
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by...
PT-2019-6950 · Gnu · Glibc
Name of the Vulnerable Software and Affected Versions: slim (affected versions not specified). Description: The issue is related to a NULL pointer dereference in slim when using the crypt method from glibc 2.17. Recommendations: At the moment, there is no information about a newer version that...
rdesktop <= 1.8.4 Denial of Service (DoS) vulnerability
rdesktop is prone to a denial of service (DoS) vulnerability.
[ASA-201911-3] glibc: information disclosure
Arch Linux Security Advisory ASA-201911-3. Severity: High. Date: 2019-11-03. CVE-ID: CVE-2019-9169. Package: glibc. Type: information disclosure. Remote: No. Link: https://security.archlinux.org/AVG-855. Summary: The package glibc before version 2.30...
MGASA-2019-0311 Updated aspell packages fix security vulnerability
Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character (CVE-2019-17544)...
Updated aspell packages fix security vulnerability
Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character (CVE-2019-17544)...
CVE-2018-12934
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt...
CVE-2018-19931
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted...
Fedora Update for varnish FEDORA-2019-59e3cb90a3
The remote host is missing an update for the...
DEBIAN-CVE-2018-21029
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...
PT-2019-10455 · Systemd +1 · Systemd +1
Name of the Vulnerable Software and Affected Versions: systemd versions 239 through 245. Description: The issue concerns the acceptance of any certificate signed by a trusted certificate authority for DNS Over TLS, without sending Server Name Indication (SNI) and without hostname validation when usi...