EulerOS Virtualization for ARM 64 3.0.2.0 : patch (EulerOS-SA-2020-1540)
According to the version of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects...
CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...
UBUNTU-CVE-2020-1752
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially...
Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1571)
The remote host is missing an update for the Huawei EulerOS...
Fedora: Security Advisory for ansible (FEDORA-2020-3990f03ba3)
The remote host is missing an update for the...
FFmpeg <= 4.2.3 Buffer Overflow Vulnerability
FFmpeg is prone to a buffer overflow vulnerability...
Fedora: Security Advisory for gnuchess (FEDORA-2020-3eaf264c4b)
The remote host is missing an update for the...
Fedora: Security Advisory for cups (FEDORA-2020-ebd2ffb92c)
The remote host is missing an update for the...
The vulnerability of the verify_emsa_pkcs1_signature() function in the gmp IPSEC plugin of the strongSwan daemon allows an attacker to disclose protected information.
The vulnerability of the verify_emsa_pkcs1_signature function (gmp_rsa_public_key.c) in the gmp IPSEC plugin for the strongSwan daemon allows for the exploitation of the cryptographic signature verification process. Exploiting this vulnerability could enable a malicious actor, operating remotely, to...
gdb: buffer overflow while opening an ELF for debugging leads to DoS, information disclosure and code execution
GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Denial of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...
Moderate: Red Hat Security Advisory: gdb security and bug fix update
An update for gdb is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory, making the system think the software is 32-bit...
RHEL 8 : gdb (RHSA-2020:1635)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1635 advisory. The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. Security Fixes: gdb: buff...
Mailman 2.x < 2.1.30 XSS Vulnerability
Mailman is prone to a cross-site scripting (XSS) vulnerability...
[SECURITY] Fedora 31 Update: gnuchess-6.2.6-1.fc31
The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...
[SECURITY] Fedora 32 Update: gnuchess-6.2.6-1.fc32
The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...
The vulnerability in GNU patch, the utility for applying changes between different versions of text files (inp.c and util.c), arises from an incorrect definition of the reference before accessing the file. This allows a malicious actor to compromise the integrity of the data.
The vulnerability in GNU patch, the utility for applying changes between different versions of text files (inp.c and util.c), is related to an incorrect definition of the reference pointer before accessing the file. Exploiting this vulnerability could allow a remote attacker to compromise the...
GNU Mailman Cross-Site Scripting Vulnerability
GNU Mailman is a free suite of software from the GNU Project for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage e-mail subscription accounts and provides built-in archiving, automatic forwarding processing, conten...
Code injection
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...