NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0040)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - An integer overflow in the implementation of the posixmemalign in memalign functions in the GNU C Library aka glibc or libc6 2.26 and earlier could...

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

CVE-2013-6127

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVE-2005-3346

CVE-2005-3346 affects osh (OSHevironment) 1.7-14, where a buffer overflow in the environment variable substitution code (main.c) can be triggered by pathname args like "$VAR/EVAR=arg". This allows a local attacker to inject arbitrary environment variables (e.g., LD_PRELOAD) and, per Debian's advi...

CVE-2003-0622

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service hang via pathname arguments that contain MS-DOS device names such as CON and AUX...