Astra Linux - уязвимость в glibc

The wordexp function in the GNU C Library also known as glibc, up to version 2.33, may crash or access arbitrary memory during the parseparam function located in posix/wordexp.c when called with an untrusted, crafted pattern. This could potentially lead to a denial of service or the disclosure of...

EUVD-2021-22577

Malware in sbrugna...

CVE-2023-25607

An improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 throug...

CVE-2023-25607

An improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 throug...

K98121587: glibc vulnerability CVE-2021-35942

Security Advisory Description The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs...

SUSE CVE-2021-35942

The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but...

Ubuntu 16.04 ESM : GNU C Library vulnerabilities (USN-5699-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5699-1 advisory. Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could...

CVE-2022-3008

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

Command injection

The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...

tinygltf 命令注入漏洞

tinygltf is a header-only C++ miniature glTF library loader/saver by the Japanese individual developer Syoyo Fujita. A security vulnerability exists in tinygltf versions prior to 2.6.0, which stems from the C library function wordexp performs file path expansion on untrusted paths provided by the...

NewStart CGSL CORE 5.05 / MAIN 5.05 : glibc Vulnerability (NS-SA-2022-0042)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has glibc packages installed that are affected by a vulnerability: - The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an...

NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Vulnerability (NS-SA-2022-0016)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by a vulnerability: - The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an...

EulerOS Virtualization 3.0.6.0 : glibc (EulerOS-SA-2022-1066)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thre...

EulerOS Virtualization 3.0.6.6 : glibc (EulerOS-SA-2022-1122)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - sysdeps/i386/ldbl2mpn.c in the GNU C Library aka glibc or libc6 before 2.23 on x86 targets has a stack- based buffer overflow if t...

ROS-20220112-02

Vulnerability of wordexp function of the library that provides system calls and basic glibc functions is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to read arbitrary files...

Oracle Linux 8 : glibc (ELSA-2021-9560)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9560 advisory. - CVE-2021-33574: Deep copy pthread attribute in mqnotify 1966472 - CVE-2021-35942: wordexp: handle overflow in positional parameter number 1979127 -...

Oracle Linux 8 : glibc (ELSA-2021-4358)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4358 advisory. - CVE-2021-33574: Deep copy pthread attribute in mqnotify 1966472 - CVE-2021-35942: wordexp: handle overflow in positional parameter number 1979127 -...

SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2021:3385-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3385-1 advisory. - The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the...

CVE-2021-35942

The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but...

CVE-2021-35942

The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but...