Lucene search
K

74 matches found

RedHat Linux
RedHat Linux
added 2021/03/02 7:19 p.m.3 views

grub2: Stack buffer overflow in grub_parser_split_cmdline()

A flaw was found in grub2. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with...

7.2CVSS6.1AI score0.00573EPSS
Exploits0References4
OSV
OSV
added 2021/03/02 6:0 p.m.3 views

UBUNTU-CVE-2020-27749

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that...

7.5CVSS7.1AI score0.00573EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/04/18 5:19 p.m.31 views

CVE-2019-3902

Starting with version 1.5.3, Mercurial allows environment variable expansion on path names for sub repositories when creating it or cloning a parent repository, but it doesn't validate whether the final path name outside the repository root directory. An attacker can leverage this weakness using ...

5.9CVSS1.9AI score0.01413EPSS
Exploits0References4
Fedora
Fedora
added 2018/11/22 2:55 a.m.28 views

[SECURITY] Fedora 27 Update: libconfuse-3.2.2-1.fc27

libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values strings, integers, floats, booleans or other sections, as well as some other features such as single/double-quoted strings, environment variab...

8.8CVSS2.3AI score0.01762EPSS
Exploits1
OSV
OSV
added 2018/06/21 1:29 p.m.3 views

DEBIAN-CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...

7.5CVSS6.1AI score0.0464EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/04/10 12:0 a.m.22 views

CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...

7.5CVSS6.8AI score0.0464EPSS
Exploits0References3
OSV
OSV
added 2017/04/10 12:0 a.m.6 views

UBUNTU-CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...

7.5CVSS6.7AI score0.0464EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

id Software Quake II Server 3.20/3.21 Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4744/info Quake II is a multiplayer game released by id Software. The source code has been made publically available, and versions are available for Windows and Linux. A vulnerability has been reported in some versions of...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/03/14 12:0 a.m.16 views

Fedora 18 : mingw-gnutls-2.12.23-1.fc18 (2013-3453)

Version 2.12.23 released 2012-02-04 - libgnutls: Eliminated memory leak in PCKS 11 initialization. Report and fix by Sam Varshavchik. - libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Patterson and Nadhem Alfardan. - libgnutls: DN variable 'T' was...

5.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.33 views

Debian Security Advisory DSA 128-1 (sudo)

The remote host is missing an update to sudo announced via advisory DSA 128-1. OpenVAS Vulnerability Test $Id: deb1281.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 128-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.2CVSS0.9AI score0.01199EPSS
Exploits0
NVD
NVD
added 2006/08/23 10:4 a.m.17 views

CVE-2006-4262

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via multiple vectors including 1 a long pathname that is not properly handled during file list parsing, 2 long pathnames that result from path...

5.1CVSS7.5AI score0.03653EPSS
Exploits0References17
Cvelist
Cvelist
added 2006/08/23 10:0 a.m.24 views

CVE-2006-4262

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via multiple vectors including 1 a long pathname that is not properly handled during file list parsing, 2 long pathnames that result from path...

7.5AI score0.03653EPSS
Exploits0References17
exploitpack
exploitpack
added 2002/05/15 12:0 a.m.11 views

id Software Quake II Server 3.203.21 - Remote Information Disclosure

id Software Quake II Server 3.203.21 - Remote Information Disclosure source: https://www.securityfocus.com/bid/4744/info Quake II is a multiplayer game released by id Software. The source code has been made publically available, and versions are available for Windows and Linux. A vulnerability ha...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 1999/11/23 12:0 a.m.43 views

pine.420.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I reported the vulnerability below to the Pine team on Oct 21, when 4.20 was current. 4.21 which I just noticed on freshmeat seems to fix the problem even though it's not mentioned in the release notes. Since it's not, I thought some disclosure was in...

7.4AI score
Exploits0
Rows per page
Query Builder