16992 matches found
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
[SECURITY] Fedora 29 Update: exim-4.92.3-1.fc29
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
[SECURITY] Fedora 31 Update: exim-4.92.3-1.fc31
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
logrotten 3.15.1 - Privilege Escalation Exploit
Exploit Title: logrotten 3.15.1 - Privilege Escalation Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian GNU/Linux 9.5 stretch...
CVE-2019-13638
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
Fedora Update for exim FEDORA-2019-006dfc94cd
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
patch: do_ed_script in pch.c does not block strings beginning with a ! character
A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...
[SECURITY] Fedora 31 Update: libextractor-1.9-5.fc31
libextractor is a simple library for keyword extraction. libextractor does not support all formats but supports a simple plugging mechanism such that you can quickly add extractors for additional formats, even without recompiling libextractor. libextractor typically ships with a dozen...
EulerOS 2.0 SP8 : gettext (EulerOS-SA-2019-2075)
According to the version of the gettext packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in...
[SECURITY] [DSA 4537-1] file-roller security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4537-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 28, 2019 https://www.debian.org/security/faq -...
Fedora Update for java-1.8.0-openjdk-aarch32 FEDORA-2019-a5ec38072a
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-1982)
According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.CVE-2015-1196 - GNU patch 2.7.2 and earli...
EulerOS 2.0 SP3 : patch (EulerOS-SA-2019-2004)
According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrar...
EulerOS 2.0 SP3 : binutils (EulerOS-SA-2019-2041)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper Input Validation, Signed/Unsigned Comparison,...
gnu-darwin.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-979187 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
[SECURITY] Fedora 29 Update: libgcrypt-1.8.5-1.fc29
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...
The vulnerability of the do_ed_script function in the GNU Patch software’s source code (src/pch.c) allows a malicious actor to access confidential information and execute arbitrary commands, due to the lack of measures taken to neutralize special elements used in the operating system’s command syntax.
The vulnerability of the doedscript function in the GNU Patch software lies in its failure to prevent the neutralization of special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to access confidential information and execute arbitrary comman...
Fedora Update for python34 FEDORA-2019-2b1f72899a
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: libgcrypt-1.8.5-1.fc31
Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...