Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2020-2347)
The remote host is missing an update for the Huawei EulerOS...
In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871
FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer’s system and analyzed it to see how it was attacking their Solaris environment. The FLARE team’s Offensive Task Force analyz...
CVE-2020-27347
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output...
EulerOS 2.0 SP2 : php (EulerOS-SA-2020-2384)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, o...
EulerOS 2.0 SP9 : nasm (EulerOS-SA-2020-2416)
According to the versions of the nasm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Netwide Assembler NASM 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and !...
EulerOS 2.0 SP2 : nasm (EulerOS-SA-2020-2369)
According to the version of the nasm package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Netwide Assembler NASM 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage thi...
EulerOS 2.0 SP2 : libvorbis (EulerOS-SA-2020-2363)
According to the versions of the libvorbis package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a...
Medium: geronimo-jaxrpc
Issue Overview: Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. CVE-2018-11577 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function...
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2238)
According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process...
CVE-2020-26561
Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintai...
CVE-2020-26561
Belkin LINKSYS WRT160NL devices (version 1.0.04.002_US_20130619) are affected by a stack-based buffer overflow in mini_httpd’s create_dir function caused by sprintf. Successful exploitation can lead to arbitrary code execution. The vulnerability affects products no longer supported by the maintai...
EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2020-2196)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged...
EulerOS Virtualization 3.0.2.2 : glusterfs (EulerOS-SA-2020-2187)
According to the versions of the glusterfs packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak...
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2237)
According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process...
openSUSE Security Update : transfig (openSUSE-2020-1702)
This update for transfig fixes the following issues : Security issue fixed : - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and...
Security update for transfig (moderate)
openSUSE Security Update: Security update for transfig Announcement ID: openSUSE-SU-2020:1702-1 Rating: moderate References: 1143650 Cross-References: CVE-2019-14275 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for transfi...
Fieldcomm Group HART-IP and hipserver
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fieldcomm Group Equipment: HART-IP Developer kit, hipserver Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being...
CVE-2020-26913
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR5...