CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

CVE-2026-44708 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

EUVD-2008-5991

Malware in sbrugna...

Moderate: Red Hat Security Advisory: nginx:1.22 security update

An update for the nginx:1.22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Linux Distros Unpatched Vulnerability : CVE-2022-41860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will...

CVE-2022-22772

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution RCE vulnerability that allows a low privileged attacker with...

[SECURITY] Fedora 34 Update: dnsmasq-2.85-1.fc34

Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with...

Security Bulletin: IBM Connect:Direct for UNIX is Vulnerable to a Privilege Escalation Attack via its C/C++ API

Summary IBM Sterling Connect:Direct for UNIX could allow a user who is authorized for limited Connect:Direct privileges to attack through a custom application written using the Connect:Direct for UNIX C/C++ API by replacing the system implementation of getuid with a malicious implementation and...

CVE-2009-5041

overkill has buffer overflow via long player names that can corrupt data on the server machine...

News Wrap: Steam Zero Day Disclosure Drama, Unix Utility Backdoor

Why did Valve-owner Steam say it made a “mistake” turning a researcher away from its bug bounty program? Who was behind a backdoor that was purposefully introduced into a utility utilized by Unix and Linux servers? And why is Facebook coming under fire for its “Clear History” feature? Threatpost...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Security : Privileges. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

ALPINE-CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

mysql: Logging unspecified vulnerability (CPU Jan 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Logging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQ...

SYS.1.3 Server unter Unix

Zielsetzung des Bausteins ist der Schutz von Informationen, die von Unix-Servern verarbeitet werden. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

[SECURITY] Fedora 25 Update: nagios-plugins-2.1.4-2.fc25

Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks ar...

[SECURITY] Fedora 23 Update: 389-ds-base-1.3.4.8-1.fc23

389 Directory Server is an LDAPv3 compliant server. The base package inclu des the LDAP server and command line utilities for server administration...

Security update for roundcubemail (important)

This update to roundcubemail 1.0.8 fixes the following issues: - CVE-2015-8770: Path traversal vulnerability allowed code execution to remote authenticated users if they were also upload files to the same server through some other method boo962067 This update also contains all upstream fixes in...