16980 matches found
CVE-2021-3530
CVE-2021-3530 affects GNU Binutils 2.36 in rust-demangle.c (demangle_path). A crafted symbol can exhaust stack memory, causing a crash. Documented as fixed in subsequent binutils advisories (e.g., SUSE/SU advisories listing CVE-2021-3530 as fixed). No exploitation details are provided here; remed...
CVE-2021-3530
A flaw was discovered in GNU libiberty within demangle_path in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash...
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a denial of service (application crash) or possibly unspecified other impact.
GNU Binutils Security Vulnerability
GNU Binutils (GNU Binary Utilities, or binutils) is a set of programming language utility programs developed by the GNU community. The programs are primarily used to work with target files in a variety of formats, and provide linkers, assemblers, and other tools for target files and archives. A...
[SECURITY] Fedora 33 Update: cflow-1.6-8.fc33
GNU cflow analyzes a collection of C source files and prints a graph, charting control flow within the program. GNU cflow is able to produce both direct and inverted flowgraphs for C sources. Optionally a cross-reference listing can be generated. Two output formats are implemented: POSIX and GNU...
[SECURITY] Fedora 34 Update: cflow-1.6-8.fc34
GNU cflow analyzes a collection of C source files and prints a graph, charting control flow within the program. GNU cflow is able to produce both direct and inverted flowgraphs for C sources. Optionally a cross-reference listing can be generated. Two output formats are implemented: POSIX and GNU...
LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated) | Exploit Author: g0ldm45k | Vendor Homepage: https://www.jpcert.or.jp/ | Software Link: https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.0 | Version: 1.2.0 and earlier | Tested on: Version 1.2.0 on Debian GNU/Linux 8 jessie...
LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)
Exploit Title: LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated) | Date: 29/05/2021 | Exploit Author: g0ldm45k | Vendor Homepage: https://www.jpcert.or.jp/ | Software Link: https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.0 | Version: 1.2.0 and earlier | Tested on: Version 1.2.0 on Debian...
GNU Gama Denial of Service Vulnerability
GNU Gama is a software package of the GNU community. It is used for traditional geodesy, which is still used and needed in special surveys where the Global Positioning System (GPS) cannot be used, e.g. underground or high-precision engineering surveys. A denial of service vulnerability exists in Gama version...
PHP 8.1.0-dev Backdoor Remote Command Execution Exploit (2)
PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor. #!/usr/bin/env python3 | Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated | Exploit Author: Mayank Deshmukh | Vendor Homepage: https://www.php.net/ | Software Link:...
CVE-2020-18395
A NULL-pointer dereference issue was discovered in GNU_gama::set in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DoS) via segment faults caused by crafted inputs...
Null pointer dereference
A NULL-pointer dereference issue was discovered in GNU_gama::set in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DoS) via segment faults caused by crafted inputs...
CVE-2020-18395
A NULL-pointer dereference issue was discovered in GNU_gama::set in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DoS) via segment faults caused by crafted inputs...
GNU Gama Code Issue Vulnerability
GNU Gama is a software package of the GNU community. It is used for traditional geodesy, which is still used and needed in special surveys where the Global Positioning System (GPS) cannot be used, e.g. underground or high-precision engineering surveys. A denial of service vulnerability exists in Gama version...
PHPFusion 9.03.50 Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution | Date: 20/05/2021 | Exploit Author: g0ldm45k | Vendor Homepage: https://www.php-fusion.co.uk/home.php | Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 | Version: 9.03.50 | Tested on: Docker + Debi...
PHPFusion 9.03.50 - Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution | Date: 20/05/2021 | Exploit Author: g0ldm45k | Vendor Homepage: https://www.php-fusion.co.uk/home.php | Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 | Version: 9.03.50 | Tested on: Docker + Debi...
wolfssl
This repository is an implementation of the wolfSSL library, a cryptographic library for secure communication. The library is designed to be used with various platforms, including Arduino, and provides a range of cryptographic functions for secure data transmission. The repository contains a...
Fedora: Security Advisory for slurm (FEDORA-2021-f75a803ff3)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for python-eventlet (FEDORA-2021-9fde3d7ab1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2021-3549
An out-of-bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section, probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as...