16996 matches found

Tenable Nessus
added 2020/05/01 12:0 a.m., 68 views

EulerOS Virtualization for ARM 64 3.0.2.0 : patch (EulerOS-SA-2020-1540)

According to the version of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects...

5.9 CVSS | 6.4 AI score | 0.03927 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2020/04/30 5:41 p.m., 37 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.1 CVSS | 1.7 AI score | 0.02288 EPSS
Exploits: 0 | References: 3

OSV
added 2020/04/30 5:15 p.m., 3 views

UBUNTU-CVE-2020-1752

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially...

7 CVSS | 7.1 AI score | 0.00535 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2020/04/30 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS | 5.7 AI score | 0.01952 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2020/04/30 12:0 a.m., 59 views

Fedora: Security Advisory for ansible (FEDORA-2020-3990f03ba3)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.9 CVSS | 6 AI score | 0.00506 EPSS
Exploits: 3 | References: 2

OpenVAS
added 2020/04/30 12:0 a.m., 60 views

FFmpeg <= 4.2.3 Buffer Overflow Vulnerability

FFmpeg is prone to a buffer overflow vulnerability. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10 CVSS | 9.7 AI score | 0.03756 EPSS
Exploits: 2 | References: 2

OpenVAS
added 2020/04/30 12:0 a.m., 52 views

Fedora: Security Advisory for gnuchess (FEDORA-2020-3eaf264c4b)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 7.6 AI score | 0.01468 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2020/04/30 12:0 a.m., 61 views

Fedora: Security Advisory for cups (FEDORA-2020-ebd2ffb92c)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 7.8 AI score | 0.00387 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2020/04/29 12:0 a.m., 3 views

The vulnerability of the verify_emsa_pkcs1_signature() function in the gmp IPSEC plugin of the strongSwan daemon allows an attacker to disclose the protected information.

The vulnerability of the verify_emsa_pkcs1_signature function (gmp_rsa_public_key.c) in the gmp IPSEC plugin for the strongSwan daemon allows for the exploitation of the cryptographic signature verification process. Exploiting this vulnerability could enable a malicious actor, operating remotely, to...

7.8 CVSS | 6.5 AI score | 0.01888 EPSS
Exploits: 0 | References: 7 | Affected Software: 9

RedHat Linux
added 2020/04/28 4:8 p.m., 5 views

gdb: buffer overflow while opening an ELF for debugging leads to DoS, information disclosure and code execution

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet...

7.8 CVSS | 7.3 AI score | 0.02628 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2020/04/28 4:8 p.m., 38 views

Moderate: Red Hat Security Advisory: gdb security and bug fix update

An update for gdb is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

7.8 CVSS | 7.2 AI score | 0.02628 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2020/04/28 3:53 p.m., 2 views

glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory making the system think the software is 32-bit...

3.3 CVSS | 7 AI score | 0.00409 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2020/04/28 12:0 a.m., 24 views

RHEL 8 : gdb (RHSA-2020:1635)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1635 advisory. The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. Security Fixes: gdb: buff...

7.8 CVSS | 7.1 AI score | 0.02628 EPSS
Exploits: 1 | References: 8

OpenVAS
added 2020/04/28 12:0 a.m., 43 views

Mailman 2.x < 2.1.30 XSS Vulnerability

Mailman is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman";...

6.1 CVSS | 6.3 AI score | 0.02288 EPSS
Exploits: 0 | References: 1

Fedora
added 2020/04/27 4:48 a.m., 31 views

[SECURITY] Fedora 31 Update: gnuchess-6.2.6-1.fc31

The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...

7.8 CVSS | 1.7 AI score | 0.01468 EPSS
Exploits: 1

Fedora
added 2020/04/27 2:46 a.m., 34 views

[SECURITY] Fedora 32 Update: gnuchess-6.2.6-1.fc32

The gnuchess package contains the GNU chess program. By default, GNU chess uses a curses text-based interface. Alternatively, GNU chess can be used in conjunction with the xboard user interface and the X Window System for play using a graphical chess board. Install the gnuchess package if you wou...

7.8 CVSS | 1.7 AI score | 0.01468 EPSS
Exploits: 1

BDU FSTEC
added 2020/04/27 12:0 a.m., 4 views

The vulnerability of the utility for applying changes between different versions of the GNU patch text files (inp.c and util.c) arises from an incorrect definition of the reference before accessing the file. This allows a malicious actor to compromise the integrity of the data.

The vulnerability of the utility for applying changes between different versions of the GNU patch text files inp.c and util.c is related to an incorrect definition of the reference pointer before accessing the file. Exploiting this vulnerability could allow a remote attacker to compromise the...

7.1 CVSS | 6.6 AI score | 0.03927 EPSS
Exploits: 0 | References: 12 | Affected Software: 5

CNVD
added 2020/04/26 12:0 a.m., 1 views

GNU Mailman Cross-Site Scripting Vulnerability

GNU Mailman is a free suite of software from the GNU Project for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage e-mail subscription accounts and provides built-in archiving, automatic forwarding processing, conten...

6.1 CVSS | 8.2 AI score | 0.02288 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2020/04/24 1:15 p.m., 31 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.1 CVSS | 6.7 AI score | 0.02288 EPSS
Exploits: 0 | References: 8

Prion
added 2020/04/24 1:15 p.m., 21 views

Code injection

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

4.3 CVSS | 6.2 AI score | 0.02288 EPSS
Exploits: 0 | References: 11 | Affected Software: 6