EulerOS Virtualization for ARM 64 3.0.6.0 : screen (EulerOS-SA-2021-2008)

According to the version of the screen package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service invalid write access and...

EulerOS 2.0 SP8 : binutils (EulerOS-SA-2021-1976)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with...

OESA-2021-1239 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

openSUSE: Security Advisory for tor (openSUSE-SU-2021:0926-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Vulnerability fixed in libgcrypt

The developers of GnuPG have fixed a vulnerability in libgcrypt. The vulnerability is caused by an insecure implementation of ElGamal cryptography. A malicious person could potentially exploit the vulnerability to perform a side-channel attack against data encrypted using ElGamal. Few substantive...

GNUBOARD5 SQL注入漏洞

GNUBOARD5 is a Web forum system based on PHP and MySQL. A SQL injection vulnerability exists in GNUBOARD5 5.3.2.8 and earlier versions. The vulnerability can be exploited to conduct SQL injection attacks via the tableprefix parameter in installdb.php...

The vulnerability in the run-x-session script of the LDM package for the Debian GNU/Linux operating system allows a hacker to elevate their privileges to the level of the superuser.

The vulnerability in the run-x-session script of the LDM package for the Debian GNU/Linux operating system is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate their privileges to a superuser level...

Denial Of Service (DoS)

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

Websvn 2.6.0 Remote Code Execution

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Date: 20/06/2021 Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE :...

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in GNU cpio (CVE-2019-14866)

Summary IBM Bootable Media Creator BoMC has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-14866 DESCRIPTION: GNU cpio could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to properly validate input files when...

Websvn 2.6.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE : CVE-2021-32305 import...

The vulnerability of the `glob` function in the glibc library of the Aurora operating system, related to the use of memory after it is freed, allows a hacker to increase their privileges and execute arbitrary code.

The vulnerability of the glob function in the glibc library of the Aurora operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

The vulnerability of the glibc library in the Aurora operating system, related to reading beyond the buffer in memory, allows a hacker to cause a service failure.

The vulnerability of the glibc library in the Aurora operating system is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

Fedora: Security Advisory for dotnet3.1 (FEDORA-2021-cb4f3ab817)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

PHPMailer < 6.5.0 RCE Vulnerability

PHPMailer is prone to a remote code execution RCE vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

MGASA-2021-0250 Updated gnuchess package fix a security vulnerability

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc. CVE-2021-30184...

F5 Networks BIG-IP : glibc vulnerability (K38481791)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.3 / 15.1.4 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K38481791 advisory. The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range...

SUSE SLES11 Security Update : mailman (SUSE-SU-2020:14423-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2020:14423-1 advisory. - GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. CVE-2020-15011 Note that Nessus has...

SUSE SLES11 Security Update : tar (SUSE-SU-2019:14215-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14215-1 advisory. - GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of...

WordPress visitors-app 0.3 Plugin - (user-agent) Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting XSS Exploit Author: Mesut Cetin Vendor Homepage: https://profiles.wordpress.org/domingoruiz/ Software Link: https://wordpress.org/plugins/visitors-app/ Version: 0.3 Tested on: Debian GNU/Linux 10 Reference...