16996 matches found
CVE-2018-12698
demangletemplate in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption aka OOM during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump...
CVE-2018-19932
An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...
CVE-2018-20623
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...
CVE-2018-17985
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P' characters...
The vulnerability of the libaspell.a component in the GNU Aspell spell-checking program allows a hacker to disclose protected information or cause system failures.
The vulnerability of the libaspell.a component in the GNU Aspell spell-checking program is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information or cause system failures...
WordPress Contavt Form 7 Datepicker Plugin <= 2.6.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112730";...
CVE-2018-18483
The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc called with the result of an integer-overflowing calculation or possibly have unspecified other impact via a crafted string, as demonstrated by...
CVE-2018-20673
The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability for "Create an array for saving the template argument values" that can trigger a heap-based buffer overflow, as demonstrated by nm...
CVE-2018-18309
An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in readreloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, a...
ALPINE-CVE-2020-11501
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...
GNU C Library Buffer Overflow Vulnerability (CNVD-2020-29729)
The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A buffer overflow vulnerability exists in versions of the GNU C Library prior to 2.31. The vulnerability stems from a networked system or product performing operations in memory without properly...
GNU C Library Resource Management Error Vulnerability
The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A resource management error vulnerability exists in glob in GNU C Library version 2.14. A local attacker can exploit this vulnerability to execute arbitrary code by creating specially crafted paths...
Samsung AllShare Server Detection (HTTP)
Checks whether Samsung AllShare Server is present on the target system and if so, tries to figure out the installed version. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms o...
Fedora: Security Advisory for drupal8 (FEDORA-2020-51637cf853)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Frida API Fuzzer - This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing
This experimental fuzzer is meant to be used for API in-memory fuzzing. The design is highly inspired and based on AFL/AFL++. ATM the mutator is quite simple, just the AFL's havoc and splice stages. I tested only the examples under tests/, this is a WIP project but is known to works at least on...
CVE-2020-6096
A signed comparison vulnerability was found in GNU libc in the ARMv7 implementation of memcpy. The flaw affects the third argument to memcpy that specifies the number of bytes to copy. An underflow on the third argument could lead to undefined behavior such as out-of-bounds memory write and...
CVE-2018-6551
The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that is smaller than requested, eventually...
EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2020-1346)
According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon laun...
EulerOS Virtualization for ARM 64 3.0.6.0 : patch (EulerOS-SA-2020-1335)
According to the version of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects...
EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)
According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This...