Lucene search
K

16996 matches found

RedhatCVE
RedhatCVE
added 2020/04/08 9:6 p.m.40 views

CVE-2018-12698

demangletemplate in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption aka OOM during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump...

7.5CVSS6AI score0.0669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2020/04/08 5:28 a.m.39 views

CVE-2018-19932

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...

5.5CVSS2.7AI score0.01908EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/04/08 5:20 a.m.22 views

CVE-2018-20623

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

5.5CVSS3.6AI score0.01825EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/04/06 5:8 p.m.30 views

CVE-2018-17985

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P' characters...

5.5CVSS3.2AI score0.01297EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.6 views

The vulnerability of the libaspell.a component in the GNU Aspell spell-checking program allows a hacker to disclose protected information or cause system failures.

The vulnerability of the libaspell.a component in the GNU Aspell spell-checking program is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information or cause system failures...

9.4CVSS7.1AI score0.03259EPSS
Exploits0References10Affected Software4
OpenVAS
OpenVAS
added 2020/04/06 12:0 a.m.19 views

WordPress Contavt Form 7 Datepicker Plugin <= 2.6.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112730";...

5.4CVSS5.5AI score0.00712EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2020/04/05 11:8 a.m.29 views

CVE-2018-18483

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc called with the result of an integer-overflowing calculation or possibly have unspecified other impact via a crafted string, as demonstrated by...

7.8CVSS6.7AI score0.02373EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2020/04/04 11:12 p.m.28 views

CVE-2018-20673

The demangletemplate function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability for "Create an array for saving the template argument values" that can trigger a heap-based buffer overflow, as demonstrated by nm...

5.5CVSS4.3AI score0.01637EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/04/04 11:7 p.m.36 views

CVE-2018-18309

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in readreloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, a...

5.5CVSS2.2AI score0.01829EPSS
Exploits1References2
OSV
OSV
added 2020/04/03 1:15 p.m.1 views

ALPINE-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4CVSS6.9AI score0.03388EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/03 12:0 a.m.2 views

GNU C Library Buffer Overflow Vulnerability (CNVD-2020-29729)

The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A buffer overflow vulnerability exists in versions of the GNU C Library prior to 2.31. The vulnerability stems from a networked system or product performing operations in memory without properly...

7CVSS9.7AI score0.00537EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/03 12:0 a.m.3 views

GNU C Library Resource Management Error Vulnerability

The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A resource management error vulnerability exists in glob in GNU C Library version 2.14. A local attacker can exploit this vulnerability to execute arbitrary code by creating specially crafted paths...

7CVSS8.4AI score0.00535EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/04/03 12:0 a.m.198 views

Samsung AllShare Server Detection (HTTP)

Checks whether Samsung AllShare Server is present on the target system and if so, tries to figure out the installed version. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms o...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2020/04/03 12:0 a.m.12 views

Fedora: Security Advisory for drupal8 (FEDORA-2020-51637cf853)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2020/04/02 8:30 p.m.100 views

Frida API Fuzzer - This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing

This experimental fuzzer is meant to be used for API in-memory fuzzing. The design is highly inspired and based on AFL/AFL++. ATM the mutator is quite simple, just the AFL's havoc and splice stages. I tested only the examples under tests/, this is a WIP project but is known to works at least on...

7.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/04/02 7:1 p.m.41 views

CVE-2020-6096

A signed comparison vulnerability was found in GNU libc in the ARMv7 implementation of memcpy. The flaw affects the third argument to memcpy that specifies the number of bytes to copy. An underflow on the third argument could lead to undefined behavior such as out-of-bounds memory write and...

8.1CVSS4.2AI score0.05223EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/02 8:33 a.m.33 views

CVE-2018-6551

The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that is smaller than requested, eventually...

9.8CVSS3AI score0.02231EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.65 views

EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2020-1346)

According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon laun...

9.3CVSS6.8AI score0.06617EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.30 views

EulerOS Virtualization for ARM 64 3.0.6.0 : patch (EulerOS-SA-2020-1335)

According to the version of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects...

5.9CVSS6.4AI score0.03927EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.31 views

EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)

According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This...

7.5CVSS7.3AI score0.08036EPSS
Exploits1References2
Rows per page
Query Builder