Buffer overflow

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc...

UBUNTU-CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc...

CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc...

CVE-2021-30184

GNU Chess 6.2.7 is affected by a buffer overflow when handling crafted PGN data, due to unsafe use of a .tmp.epd temporary file in frontend/cmd.cc (cmd_pgnload and cmd_pgnreplay). The vulnerability can allow arbitrary code execution with the privileges of the GNU Chess process. Public advisories ...

CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN Portable Game Notation data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc...

GNU Chess 安全漏洞

GNU Chess is a chess game program. A buffer overflow vulnerability exists in the cmdpgnload and cmdpgnreplay functions in frontend/cmd.cc in GNU Chess version 6.2.7. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted PGN data...

Linux kernel memory leak vulnerability (CNVD-2021-29473)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A kvmiobusunregisterdev memory leak vulnerability exists in virt/kvm/kvmmain.c in versions of Linux kernel prior to...

Amazon Linux AMI : screen (ALAS-2021-1492)

The version of screen installed on the remote host is prior to 4.0.3-19.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1492 advisory. A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to...

Gnu Mailman Command Injection (CVE-2020-12108)

A command injection vulnerability exists in Gnu Mailman. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

Fedora: Security Advisory for exim (FEDORA-2021-89cb264e4d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for exim (FEDORA-2021-89cb264e4d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.

...

Fedora: Security Advisory for exim (FEDORA-2021-4eaf89b133)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GNU tar denial of service vulnerability (CNVD-2021-24265)

GNU Tar is a set of tools from the GNU community for creating files in tar format. A security vulnerability exists in tar 1.33 and earlier versions, which can be exploited by an attacker to submit a crafted input file to tar, resulting in uncontrolled memory consumption...

Fedora: Security Advisory for exim (FEDORA-2021-4eaf89b133)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 34 Update: exim-4.94-7.fc34

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

GNU Binutils Heap Buffer Overflow Vulnerability (CNVD-2021-26203)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A heap buffer overflow vulnerability exists in bfdelfslurpsecondaryrelocsection in elf.c in GNU Binutils version 2.35.1. The vulnerability stems fr...

GNU libmicrohttpd Buffer Overflow Vulnerability

GNU libmicrohttpd is a GNU open source application. Run the HTTP server as part of another application. A buffer overflow vulnerability exists in versions of libmicrohttpd prior to 0.9.71, which stems from the fact that a missing bounds check will result in a buffer overflow that can be exploited...

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in bfdelfslurpsecondaryrelocsection in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...

CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in bfdelfslurpsecondaryrelocsection in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability...