Amazon Linux AMI : patch (ALAS-2019-1312)
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. CVE-2018-20969 GNU patch through 2.7.6 is vulnerable to OS shell...
Fedora Update for kernel FEDORA-2019-41e28660ae
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2019-17544
libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character...
Amazon Linux 2 : patch (ALAS-2019-1317)
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. CVE-2018-20969 GNU patch through 2.7.6 is vulnerable to OS shell...
GNU GRUB2 'grub2-set-bootflag' Utility Local Denial of Service Vulnerability
Description: GNU GRUB2 is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected: GNU GRUB2, Redhat Enterprise Linux 8. Recommendations: Permit local access for trusted individuals only. Where possible, us...
Fedora Update for radare2 FEDORA-2019-65c33bdc2a
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2019-12290
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...
ALPINE-CVE-2019-12290
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...
Code injection
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...
CVE-2019-12290
Libidn2 (GNU libidn2) before 2.2.0 fails RFC3490 roundtrip checks when converting A-labels to U-labels, enabling domain impersonation. Affected: libidn2 (prior to 2.2.0). Remediation: upgrade to 2.2.0 or newer (advisories show updates to 2.3.x). Connected advisories also reference CVE-2019-18224 ...
GNU libidn2 Buffer Error Vulnerability
GNU libidn2 is a library that supports encoding and decoding of internationalized domain names. A buffer error vulnerability exists in the 'idn2_to_ascii_4i' function of the lib/lookup.c file in GNU libidn2 versions prior to 2.1.1, which can be exploited by attackers to cause, among other things, a...
CVE-2019-18224
idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string...
Important: patch
Issue Overview: do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. CVE-2018-20969 GNU patch through 2.7.6 is vulnerab...
tcpdump Detection (SSH)
Checks whether tcpdump is installed on the target system and if so, tries to detect the installed version. Copyright (C) 2019 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General...
[SECURITY] [DLA 1966-1] aspell security update
Package: aspell. Version: 0.60.720110707-1.3+deb8u1. CVE ID: CVE-2019-17544. It was discovered that Aspell, the GNU spell checker, incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. For Debian 8 "Jessie",...