Lucene search

16980 matches found

Rosalinux
added 2021/07/02 5:8 p.m., 21 views

Advisory ROSA-SA-2021-1861

Software: less 458 OS: Cobalt 7.9 CVE-ID: CVE-2014-9488 CVE-Crit: CRITICAL CVE-DESC: The is_utf8_well_formed function in GNU less to 475 allows remote attackers to have undefined impact using garbled UTF-8 characters, causing reads outside the valid range. CVE-STATUS: default CVE-REV: default...

CVSS 10, AI score 7, EPSS 0.04017
Exploits 0

Rosalinux
added 2021/07/02 4:39 p.m., 37 views

Advisory ROSA-SA-2021-1828

Software: emacs 24.3 OS: Cobalt 7.9 CVE-ID: CVE-2014-3421 CVE-Crit: CRITICAL CVE-DESC: lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files using a symbolic link attack on the temporary file /tmp/gnus.face.ppm. CVE-STATUS: default CVE-REV: defaul...

CVSS 8.8, AI score 8.2, EPSS 0.04042
Exploits 1

Rosalinux
added 2021/07/02 4:39 p.m., 27 views

Advisory ROSA-SA-2021-1826

Software: ed 1.9 OS: Cobalt 7.9 CVE-ID: CVE-2015-2987 CVE-Crit: MEDIUM CVE-DESC: Type74 ED before 4.0 incorrectly uses 128-bit ECB encryption for small files, making it easier for attackers to obtain plaintext data by differential cryptanalysis of a file with an original length of less than 128...

CVSS 7.5, AI score 7, EPSS 0.03044
Exploits 0

Rosalinux
added 2021/07/02 4:35 p.m., 22 views

Advisory ROSA-SA-2021-1814

Software: coreutils 8.22 OS: Cobalt 7.9 CVE-ID: CVE-2017-18018 CVE-Crit: MEDIUM CVE-DESC: In GNU Coreutils before 8.29, chown-core.c in chown and chgrp does not prevent replacing a simple file with a symbolic link while using POSIX "-R -L" parameters, allowing local users to change ownership of...

CVSS 7.1, AI score 6.8, EPSS 0.00348
Exploits 1

Rosalinux
added 2021/07/02 4:30 p.m., 35 views

Advisory ROSA-SA-2021-1802

Software: bash 4.2.46 OS: Cobalt 7.9 CVE-ID: CVE-2012-6711 CVE-Crit: HIGH CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3, when wide characters not supported by the current locale set in the LC_CTYPE environment variable are printed using the built-in echo function...

CVSS 7.8, AI score 7.5, EPSS 0.02608
Exploits 5

CNVD
added 2021/07/02 12:0 a.m., 13 views

GNU LibreDWG Resource Management Error Vulnerability

GNU LibreDWG is a C library for processing DWG files from the GNU community. GNU LibreDWG is vulnerable due to a double-free in bit_chain_free from dwg_encode_MTEXT and dwg_encode_add_object calls. No detailed vulnerability details are currently available...

CVSS 8.8, AI score 2.2, EPSS 0.01327
Exploits 1, References 1

Kitploit
added 2021/07/01 9:30 p.m., 41 views

Invoke-DNSteal - Simple And Customizable DNS Data Exfiltrator

Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator. This tool helps you to exfiltrate data through DNS protocol over UDP and TCP, and lets you control the size of queries using random delay. Also, allows you to avoid detections by using random domains in each of your queries and you c...

AI score 6.9
Exploits 0, References 1

NVD
added 2021/07/01 3:15 a.m., 20 views

CVE-2021-36080

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free called from dwg_encode_MTEXT and dwg_encode_add_object...

CVSS 8.8, EPSS 0.01327
Exploits 1, References 3

OSV
added 2021/07/01 3:15 a.m., 14 views

CVE-2021-36080

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free called from dwg_encode_MTEXT and dwg_encode_add_object...

CVSS 8.8, AI score 6.8
Exploits 0, References 3

Prion
added 2021/07/01 3:15 a.m., 14 views

Double free

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free called from dwg_encode_MTEXT and dwg_encode_add_object...

CVSS 6.8, AI score 8.5, EPSS 0.01327
Exploits 1, References 3, Affected Software 1

Cvelist
added 2021/07/01 2:47 a.m., 13 views

CVE-2021-36080

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free called from dwg_encode_MTEXT and dwg_encode_add_object...

AI score 8.8, EPSS 0.01327
Exploits 1, References 3

CVE
added 2021/07/01 2:47 a.m., 83 views

CVE-2021-36080

CVE-2021-36080 affects GNU LibreDWG 0.12.3.4163 through 0.12.3.4191. The issue is a double-free in bit_chain_free, triggered by calls from dwg_encode_MTEXT and dwg_encode_add_object. Documented impact is memory management error; CVSS v2/3 metrics indicate high severity (base CVSSv3.1 8.8, NETWO...

CVSS 8.8, AI score 8.6, EPSS 0.01327
Exploits 1, References 3, Affected Software 1

Fedora
added 2021/07/01 1:14 a.m., 31 views

[SECURITY] Fedora 34 Update: libgcrypt-1.9.3-3.fc34

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

CVSS 7.5, AI score 7.1, EPSS 0.02342
Exploits 0

Tenable Nessus
added 2021/07/01 12:0 a.m., 48 views

EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2058)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BF...

CVSS 6.3, AI score 7, EPSS 0.00307
Exploits 0, References 3

OpenVAS
added 2021/07/01 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2047)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.3, AI score 6.4, EPSS 0.00307
Exploits 0, References 2

OpenVAS
added 2021/07/01 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2058)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.3, AI score 6.4, EPSS 0.00307
Exploits 0, References 2

Tenable Nessus
added 2021/07/01 12:0 a.m., 56 views

EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2047)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BF...

CVSS 6.3, AI score 7, EPSS 0.00307
Exploits 0, References 3

Fedora
added 2021/06/30 3:33 a.m., 69 views

[SECURITY] Fedora 33 Update: libgcrypt-1.8.8-1.fc33

Libgcrypt is a general purpose crypto library based on the code used in GNU Privacy Guard. This is a development version...

CVSS 7.5, AI score 2.5, EPSS 0.02342
Exploits 0

Tenable Nessus
added 2021/06/30 12:0 a.m., 37 views

EulerOS Virtualization for ARM 64 3.0.6.0 : binutils (EulerOS-SA-2021-2024)

According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and...

CVSS 6.3, AI score 6.9, EPSS 0.00307
Exploits 0, References 3

Tenable Nessus
added 2021/06/30 12:0 a.m., 22 views

EulerOS Virtualization for ARM 64 3.0.6.0 : screen (EulerOS-SA-2021-2008)

According to the version of the screen package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and...

CVSS 9.8, AI score 7.2, EPSS 0.09147
Exploits 1, References 2