16996 matches found
CVE-2020-12137
CVE-2020-12137 affects GNU Mailman 2.x up to version 2.1.30. The root cause is using the .obj extension for scrubbed application/octet-stream MIME parts, which can trigger MIME sniffing and lead to XSS in list-archive visitors when HTTP replies lack a MIME type. The connected advisories indicate ...
PT-2020-3649 · Gnu +6 · Gnu Mailman +6
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions 2.x through 2.1.29 GNU Mailman version 2.1.30 is not affected, but all versions prior to 2.1.30 are vulnerable. Description: The issue is related to the handling of MIME parts in GNU Mailman, which may contribute to...
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution
Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Date: 2020-04-24 Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A !/usr/bin/env python3 -- coding: utf-8...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...
Ubuntu 18.04 LTS : GNU binutils vulnerabilities (USN-4336-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4336-1 advisory. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a...
The vulnerability of the “CSRF” cross-request mechanism in the GNU Privacy Guard (GnuPG) software for encrypting data and generating digital signatures allows attackers to carry out denial-of-service attacks.
The vulnerability of the “CSRF” mechanism used by the GNU Privacy Guard GnuPG software for encrypting data and generating digital signatures is related to deficiencies in the processing of authentication requests for applications. Exploiting this vulnerability can allow an attacker to carry out a...
USN-4336-1: GNU binutils vulnerabilities
It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code...
DEBIAN-CVE-2020-1751
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...
UBUNTU-CVE-2020-1751
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest...
The vulnerability of the implementation of the HMAC-SHA-256 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out an “Lucky 13” attack and a attack that recovers the plaintext.
The vulnerability of the HMAC-SHA-256 mechanism implemented in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recovers the...
EulerOS Virtualization 3.0.2.2 : gettext (EulerOS-SA-2020-1469)
According to the version of the gettext packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid...
EulerOS Virtualization 3.0.2.2 : pcre (EulerOS-SA-2020-1485)
According to the version of the pcre packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Integer overflow in the IOwstroverflow function in libio/wstrops.c in the GNU C Library aka glibc or libc6 before 2.22 allows...
EulerOS 2.0 SP3 : gcc (EulerOS-SA-2020-1383)
According to the version of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking source...
EulerOS 2.0 SP3 : screen (EulerOS-SA-2020-1433)
According to the version of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial o...
The vulnerability of the disable_priv_mode command in the GNU Bash shell, related to improper checking of deleted privileges, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the disableprivmode command in the GNU Bash shell relates to a privilege reset error. This occurs when the command is executed with a valid UID, but the UID does not match its actual value. Exploiting this vulnerability can allow an attacker to access confidential data,...
Squid <= 4.14 Privilege Escalation Vulnerability
Squid is prone to a privilege escalation vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fd87f90634)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Privilege Escalation
The gcc and gcc4 is vulnerable to Privilege Escalation. A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to tri...
Arbitrary File Overwrite
tar is vulnerable to arbitrary file overwrite. The vulnerability exists as a path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access...
CVE-2018-18751
An issue was discovered in GNU gettext 0.19.8. There is a double free in defaultaddmessage in read-catalog.c, related to an invalid free in pogramparse in po-gram-gen.y, as demonstrated by lt-msgfmt...