MiracleLinux 7 : rh-nodejs12-nodejs-12.18.4-3.el7 (AXSA:2020-894:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-894:04 advisory. nodejs-dot-prop: prototype pollution CVE-2020-8116 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion CVE-2020-8201 npm: Sensitive...

Libc Realpath缓冲区下溢漏洞(CVE-2018-1000001)

Introduction The vulnerability described here is caused by Linux kernel behaviour change in the syscall API returning relative pathnames in getcwd and non-defensive function implementation in libc failing to process that pathname correctly. Other libraries are very likely to be affected as well. ...

realpath() BSD and wu-ftpd / BSD FTP / SSH buffer overflow

off-by-one overflow in fbrealpath function in oversized path of few FTP commands...

WU-FTPD 2.6.2 - realpath() Off-by-One Buffer Overflow

WU-FTPD 2.6.2 - realpath Off-by-One Buffer Overflow // source: https://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A...