74 matches found
grub2: Stack buffer overflow in grub_parser_split_cmdline()
A flaw was found in grub2. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with...
UBUNTU-CVE-2020-27749
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that...
CVE-2019-3902
Starting with version 1.5.3, Mercurial allows environment variable expansion on path names for sub repositories when creating it or cloning a parent repository, but it doesn't validate whether the final path name outside the repository root directory. An attacker can leverage this weakness using ...
[SECURITY] Fedora 27 Update: libconfuse-3.2.2-1.fc27
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values strings, integers, floats, booleans or other sections, as well as some other features such as single/double-quoted strings, environment variab...
DEBIAN-CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
UBUNTU-CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
id Software Quake II Server 3.20/3.21 Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4744/info Quake II is a multiplayer game released by id Software. The source code has been made publically available, and versions are available for Windows and Linux. A vulnerability has been reported in some versions of...
Fedora 18 : mingw-gnutls-2.12.23-1.fc18 (2013-3453)
Version 2.12.23 released 2012-02-04 - libgnutls: Eliminated memory leak in PCKS 11 initialization. Report and fix by Sam Varshavchik. - libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Patterson and Nadhem Alfardan. - libgnutls: DN variable 'T' was...
Debian Security Advisory DSA 128-1 (sudo)
The remote host is missing an update to sudo announced via advisory DSA 128-1. OpenVAS Vulnerability Test $Id: deb1281.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 128-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
CVE-2006-4262
Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via multiple vectors including 1 a long pathname that is not properly handled during file list parsing, 2 long pathnames that result from path...
CVE-2006-4262
Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via multiple vectors including 1 a long pathname that is not properly handled during file list parsing, 2 long pathnames that result from path...
id Software Quake II Server 3.203.21 - Remote Information Disclosure
id Software Quake II Server 3.203.21 - Remote Information Disclosure source: https://www.securityfocus.com/bid/4744/info Quake II is a multiplayer game released by id Software. The source code has been made publically available, and versions are available for Windows and Linux. A vulnerability ha...
pine.420.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I reported the vulnerability below to the Pine team on Oct 21, when 4.20 was current. 4.21 which I just noticed on freshmeat seems to fix the problem even though it's not mentioned in the release notes. Since it's not, I thought some disclosure was in...