Lucene search
K

16992 matches found

Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.5 views

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that when processed by the glob function would potentially lead to arbitrary code execution. This was fixed in version 2.32.

...

7CVSS7AI score0.00535EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.4 views

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

...

7.8CVSS7.5AI score0.01976EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.4 views

In the GNU C Library (aka glibc or libc6) through 2.29 check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

...

7.5CVSS7.7AI score0.05804EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.4 views

An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

...

5.5CVSS6.4AI score0.01813EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.5 views

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

...

9.3CVSS7.7AI score0.0556EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.4 views

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 but the ! syntax is specific to ed and is unrelated to a shell metacharacter.

...

9.3CVSS7.9AI score0.0453EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/08/18 12:0 a.m.7 views

In the GNU C Library (aka glibc or libc6) through 2.29 proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

...

9.8CVSS6.9AI score0.04731EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2020/08/08 12:0 a.m.42 views

GNU GLOBAL: Arbitrary code execution

Background GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. Description A vulnerability was found in an undocumented function of gozilla. Impact A remote attacker...

8.8CVSS4.4AI score0.01228EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/08/08 12:0 a.m.11 views

Fedora: Security Advisory for radare2 (FEDORA-2020-aa51efe207)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.6CVSS9.5AI score0.01558EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2020/08/02 12:0 a.m.146 views

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation Vendor: All-Dynamics Software GmbH Vendor web page: https://www.all-dynamics.de Product web page: https://www.enlogic-show.com Affected version: 2.0.2 Build 2098 ILP32W 0/1/3/1597919619 Summary: Bring communication...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2020/07/31 12:0 a.m.25 views

Fedora: Security Advisory for golang (FEDORA-2020-9cd1204ba0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7AI score
Exploits0References2
OpenVAS
OpenVAS
added 2020/07/29 12:0 a.m.26 views

FreeRDP < 2.2.0 Integer Overflow Vulnerability

FreeRDP is prone to an integer overflow vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...

3.5CVSS5.9AI score0.01466EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/07/29 12:0 a.m.7 views

The vulnerability of the memcpy function in the glibc library, which allows a hacker to execute arbitrary code in the context of a privileged process

The vulnerability of the memcpy function in the glibc library arises from an operation that occurs outside the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the privileged process context...

8.1CVSS8.2AI score0.05223EPSS
Exploits0References9Affected Software4
OpenVAS
OpenVAS
added 2020/07/28 12:0 a.m.8 views

Fedora: Security Advisory for bashtop (FEDORA-2020-54e4356732)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2020/07/27 12:0 a.m.66 views

Binutils: Multiple vulnerabilities

Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers...

6.5CVSS1.9AI score0.02752EPSS
Exploits5
OpenVAS
OpenVAS
added 2020/07/27 12:0 a.m.26 views

openSUSE: Security Advisory for go1.13 (openSUSE-SU-2020:1087-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9CVSS7AI score0.02893EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/07/24 12:0 a.m.28 views

Fedora: Security Advisory for python27 (FEDORA-2020-e9251de272)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.9AI score0.06304EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/23 9:47 a.m.48 views

Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.

Summary GNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-17450 DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an infinite recursion in findabstractinstance in...

7.8CVSS1.5AI score0.02752EPSS
Exploits26Affected Software1
CNVD
CNVD
added 2020/07/22 12:0 a.m.3 views

GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2020-41850)

GNU LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in the decodeR13R2000 of the decode.c file in GNU LibreDWG version 0.9.3 and earlier. The vulnerability stems from a networked system or product performing operations in memory without...

8.1CVSS7.3AI score0.01245EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.31 views

Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2014-8121)

Summary IBM SmartCloud Entry is vulnerable to GNU C library glibc vulnerabilities. Remote attackers can exploit them to cause the application to enter into an infinite loop. Vulnerability Details CVEID: CVE-2014-8121 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service, caused by...

5CVSS0.5AI score0.05649EPSS
Exploits1Affected Software1
Rows per page
Query Builder