Lucene search

16992 matches found

RedhatCVE
added 2019/10/10 4:15 a.m. | 37 views

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

9.3 CVSS | 4.9 AI score | 0.0556 EPSS
Exploits: 0 | References: 1

Fedora
added 2019/10/09 5:24 p.m. | 42 views

[SECURITY] Fedora 29 Update: exim-4.92.3-1.fc29

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

10 CVSS | 1.5 AI score | 0.42482 EPSS
Exploits: 4

Fedora
added 2019/10/07 12:4 a.m. | 36 views

[SECURITY] Fedora 31 Update: exim-4.92.3-1.fc31

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

9.8 CVSS | 1.5 AI score | 0.42482 EPSS
Exploits: 3

0day.today
added 2019/10/07 12:0 a.m. | 389 views

logrotten 3.15.1 - Privilege Escalation Exploit

Exploit Title: logrotten 3.15.1 - Privilege Escalation Exploit | Author: Wolfgang Hotwagner | Vendor Homepage: https://github.com/logrotate/logrotate | Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 | Version: all versions through 3.15.1 | Tested on: Debian GNU/Linux 9.5 stretch...

0.6 AI score
Exploits: 0

RedhatCVE
added 2019/10/06 4:31 a.m. | 34 views

CVE-2019-13638

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

9.3 CVSS | 3.5 AI score | 0.0453 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2019/10/04 12:0 a.m. | 89 views

Fedora Update for exim FEDORA-2019-006dfc94cd

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.9 AI score
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/03 2:16 p.m. | 0 views

patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with an exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

9.3 CVSS | 5.7 AI score | 0.02706 EPSS
Exploits: 1 | References: 5

Fedora
added 2019/09/30 12:3 a.m. | 29 views

[SECURITY] Fedora 31 Update: libextractor-1.9-5.fc31

libextractor is a simple library for keyword extraction. libextractor does not support all formats but supports a simple plugging mechanism such that you can quickly add extractors for additional formats, even without recompiling libextractor. libextractor typically ships with a dozen...

6.5 CVSS | 1 AI score | 0.01696 EPSS
Exploits: 0

Tenable Nessus
added 2019/09/30 12:0 a.m. | 31 views

EulerOS 2.0 SP8 : gettext (EulerOS-SA-2019-2075)

According to the version of the gettext packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in...

9.8 CVSS | 7 AI score | 0.04293 EPSS
Exploits: 1 | References: 2

Debian
added 2019/09/28 2:9 p.m. | 149 views

[SECURITY] [DSA 4537-1] file-roller security update

Debian Security Advisory DSA-4537-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...

4.3 CVSS | 4.8 AI score | 0.02132 EPSS
Exploits: 1

OpenVAS
added 2019/09/26 12:0 a.m. | 21 views

Fedora Update for java-1.8.0-openjdk-aarch32 FEDORA-2019-a5ec38072a

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2019/09/24 12:0 a.m. | 33 views

EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-1982)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. (CVE-2015-1196) - GNU patch 2.7.2 and earli...

7.1 CVSS | 6.5 AI score | 0.06096 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2019/09/24 12:0 a.m. | 28 views

EulerOS 2.0 SP3 : patch (EulerOS-SA-2019-2004)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrar...

7.8 CVSS | 6.5 AI score | 0.11199 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/09/24 12:0 a.m. | 55 views

EulerOS 2.0 SP3 : binutils (EulerOS-SA-2019-2041)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison,...

7.8 CVSS | 7.2 AI score | 0.08544 EPSS
Exploits: 9 | References: 24

Openbugbounty
added 2019/09/23 1:21 p.m. | 10 views

gnu-darwin.org Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-979187. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

0.6 AI score
Exploits: 0

RedHat Linux
added 2019/09/19 4:11 a.m. | 3 views

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

9.3 CVSS | 5.7 AI score | 0.0453 EPSS
Exploits: 0 | References: 4

Fedora
added 2019/09/19 1:53 a.m. | 11 views

[SECURITY] Fedora 29 Update: libgcrypt-1.8.5-1.fc29

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

2.5 AI score
Exploits: 0

BDU FSTEC
added 2019/09/19 12:0 a.m. | 3 views

The vulnerability of the do_ed_script function in the GNU Patch software’s source code (src/pch.c) allows a malicious actor to access confidential information and execute arbitrary commands, due to the lack of measures taken to neutralize special elements used in the operating system’s command syntax.

The vulnerability in the do_ed_script function of the GNU Patch software lies in its failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to access confidential information and execute arbitrary comman...

7.8 CVSS | 5.8 AI score | 0.0453 EPSS
Exploits: 0 | References: 16 | Affected Software: 5

OpenVAS
added 2019/09/19 12:0 a.m. | 58 views

Fedora Update for python34 FEDORA-2019-2b1f72899a

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.7 AI score
Exploits: 0 | References: 2

Fedora
added 2019/09/18 12:5 a.m. | 11 views

[SECURITY] Fedora 31 Update: libgcrypt-1.8.5-1.fc31

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

2.5 AI score
Exploits: 0