Oracle Linux 7 : glibc (ELSA-2020-3861)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3861 advisory. - Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984. Tenable has extracted the preceding description block directly from the Oracle Linu...

SUSE CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365

Microsoft 365 M365, formerly called Office 365 O365, is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-1676)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

CVE-2019-19126

CVE-2019-19126 affects glibc on x86-64 where LD_PREFER_MAP_32BIT_EXEC is not ignored after a security transition, enabling local attackers to bypass ASLR on setuid binaries by narrowing library address mappings. Public sources in Connected documents confirm the issue exists in glibc versions befo...