
16996 matches found

CVE
added 2020/04/24 12:37 p.m. · 305 views

CVE-2020-12137

CVE-2020-12137 affects GNU Mailman 2.x up to version 2.1.30. The root cause is using the .obj extension for scrubbed application/octet-stream MIME parts, which can trigger MIME sniffing and lead to XSS in list-archive visitors when HTTP replies lack a MIME type. The connected advisories indicate ...

CVSS 6.1 · AI score 6.1 · EPSS 0.02288
Exploits: 0 · References: 11 · Affected Software: 1
Positive Technologies
added 2020/04/24 12:0 a.m. · 4 views

PT-2020-3649 · Gnu +6 · Gnu Mailman +6

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions 2.x through 2.1.29. GNU Mailman version 2.1.30 is not affected, but all versions prior to 2.1.30 are vulnerable. Description: The issue is related to the handling of MIME parts in GNU Mailman, which may contribute to...

CVSS 8.5 · AI score 6.3 · EPSS 0.02698
Exploits: 1 · References: 80
Exploit DB
added 2020/04/24 12:0 a.m. · 802 views

Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution

Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Date: 2020-04-24 Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A !/usr/bin/env python3 -- coding: utf-8...

CVSS 10 · AI score 9.7 · EPSS 0.09876
Exploits: 5
Zero Science Lab
added 2020/04/24 12:0 a.m. · 91 views

Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution

Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...

CVSS 10 · AI score 8.2 · EPSS 0.09876
Exploits: 5
Tenable Nessus
added 2020/04/24 12:0 a.m. · 89 views

Ubuntu 18.04 LTS : GNU binutils vulnerabilities (USN-4336-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4336-1 advisory. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a...

CVSS 9.8 · AI score 6.9 · EPSS 0.0669
Exploits: 36 · References: 44
BDU FSTEC
added 2020/04/23 12:0 a.m. · 3 views

The vulnerability of the “CSRF” cross-request mechanism in the GNU Privacy Guard (GnuPG) software for encrypting data and generating digital signatures allows attackers to carry out denial-of-service attacks.

The vulnerability of the “CSRF” mechanism used by the GNU Privacy Guard GnuPG software for encrypting data and generating digital signatures is related to deficiencies in the processing of authentication requests for applications. Exploiting this vulnerability can allow an attacker to carry out a...

CVSS 6.8 · AI score 6.7 · EPSS 0.01041
Exploits: 1 · References: 9 · Affected Software: 7
Ubuntu
added 2020/04/22 11:40 a.m. · 179 views

USN-4336-1: GNU binutils vulnerabilities

It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 · AI score 6.5 · EPSS 0.0669
Exploits: 36
OSV
added 2020/04/17 7:15 p.m. · 0 views

DEBIAN-CVE-2020-1751

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...

CVSS 7 · AI score 7.1 · EPSS 0.00537
Exploits: 0 · References: 1
OSV
added 2020/04/17 7:15 p.m. · 0 views

UBUNTU-CVE-2020-1751

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...

CVSS 7 · AI score 7.2 · EPSS 0.00537
Exploits: 0 · References: 3
BDU FSTEC
added 2020/04/17 12:0 a.m. · 4 views

The vulnerability of the implementation of the HMAC-SHA-256 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out a “Lucky 13” attack and an attack that recovers the plaintext.

The vulnerability of the HMAC-SHA-256 mechanism implemented in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recovers the...

CVSS 7.1 · AI score 6.3 · EPSS 0.03623
Exploits: 0 · References: 8 · Affected Software: 4
Tenable Nessus
added 2020/04/16 12:0 a.m. · 42 views

EulerOS Virtualization 3.0.2.2 : gettext (EulerOS-SA-2020-1469)

According to the version of the gettext packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid...

CVSS 9.8 · AI score 6.9 · EPSS 0.04293
Exploits: 1 · References: 2
Tenable Nessus
added 2020/04/16 12:0 a.m. · 45 views

EulerOS Virtualization 3.0.2.2 : pcre (EulerOS-SA-2020-1485)

According to the version of the pcre packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library aka glibc or libc6 before 2.22 allows...

CVSS 7.5 · AI score 8.7 · EPSS 0.04371
Exploits: 0 · References: 2
Tenable Nessus
added 2020/04/15 12:0 a.m. · 29 views

EulerOS 2.0 SP3 : gcc (EulerOS-SA-2020-1383)

According to the version of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The std::random_device class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking source...

CVSS 5 · AI score 7.4 · EPSS 0.02941
Exploits: 0 · References: 2
Tenable Nessus
added 2020/04/15 12:0 a.m. · 34 views

EulerOS 2.0 SP3 : screen (EulerOS-SA-2020-1433)

According to the version of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial o...

CVSS 5 · AI score 7.3 · EPSS 0.04148
Exploits: 1 · References: 2
BDU FSTEC
added 2020/04/14 12:0 a.m. · 5 views

The vulnerability of the disable_priv_mode command in the GNU Bash shell, related to improper checking of deleted privileges, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the disable_priv_mode command in the GNU Bash shell relates to a privilege reset error. This occurs when the command is executed with a valid UID, but the UID does not match its actual value. Exploiting this vulnerability can allow an attacker to access confidential data,...

CVSS 7.2 · AI score 7.2 · EPSS 0.02608
Exploits: 5 · References: 10 · Affected Software: 2
OpenVAS
added 2020/04/14 12:0 a.m. · 97 views

Squid <= 4.14 Privilege Escalation Vulnerability

Squid is prone to a privilege escalation vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

CVSS 4.5 · AI score 7.2 · EPSS 0.00344
Exploits: 0 · References: 1
OpenVAS
added 2020/04/12 12:0 a.m. · 29 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fd87f90634)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.8
Exploits: 0 · References: 2
Veracode
added 2020/04/10 12:41 a.m. · 39 views

Privilege Escalation

gcc and gcc4 are vulnerable to Privilege Escalation. A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to tri...

CVSS 6.9 · AI score 3.8 · EPSS 0.00394
Exploits: 1 · References: 41 · Affected Software: 1
Veracode
added 2020/04/10 12:18 a.m. · 26 views

Arbitrary File Overwrite

tar is vulnerable to arbitrary file overwrite. The vulnerability exists as a path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access...

CVSS 6.8 · AI score 2.9 · EPSS 0.02743
Exploits: 1 · References: 40 · Affected Software: 1
RedhatCVE
added 2020/04/09 12:21 p.m. · 54 views

CVE-2018-18751

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt...

CVSS 9.8 · AI score 1.8 · EPSS 0.04293
Exploits: 1 · References: 2