Lucene search

169 matches found

Tenable Nessus
added 2016/11/15 12:0 a.m. | 33 views

Debian DLA-707-1 : sudo security update

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen or wordexp C library functions with a user-supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw...

CVSS 7.8 | AI score 7.5 | EPSS 0.00493
Exploits 0 | References 4

FreeBSD
added 2016/10/28 12:0 a.m. | 55 views

sudo -- Potential bypass of sudo_noexec.so via wordexp()

Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...

CVSS 7.8 | AI score 3.7 | EPSS 0.00493
Exploits 0 | References 1

RedhatCVE
added 2016/10/27 7:47 p.m. | 19 views

CVE-2016-7076

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...

CVSS 7.8 | AI score 4.3 | EPSS 0.00493
Exploits 0 | References 2

Tenable Nessus
added 2015/05/20 12:0 a.m. | 34 views

SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1)

glibc has been updated to fix four security issues : - CVE-2014-0475: Directory traversal in locale environment handling bnc887022 - CVE-2014-7817: wordexp failed to honour WRDE_NOCMD bsc906371 - CVE-2014-9402: Avoid infinite loop in nssdns getnetbyname bsc910599 - CVE-2015-1472: Fixed buffer...

CVSS 7.8 | AI score 7.6 | EPSS 0.07688
Exploits 5 | References 16

Tenable Nessus
added 2015/03/26 12:0 a.m. | 40 views

Debian DLA-97-1 : eglibc security update

CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character '0xffff' is specified, then iconv segfaults. CVE-2014-6040 Crashes on invalid input in IBM gconv modules BZ 17325 These changes...

CVSS 5 | AI score 8.3 | EPSS 0.06564
Exploits 2 | References 5

Tenable Nessus
added 2015/03/10 12:0 a.m. | 53 views

Oracle Linux 7 : glibc (ELSA-2015-0327)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0327 advisory. - Fix parsing of numeric hosts in gethostbynamer CVE-2015-0235, 1183545. - Prevent NSS-based file backend from entering infinite loop when different AP...

CVSS 10 | AI score 7.6 | EPSS 0.94859
Exploits 35 | References 3

Tenable Nessus
added 2015/03/06 12:0 a.m. | 54 views

SuSE 11.3 Security Update : glibc (SAT Patch Number 10357)

glibc has been updated to fix three security issues : - wordexp failed to honour WRDE_NOCMD bsc906371. CVE-2014-7817 - Fixed invalid file descriptor reuse while sending DNS query bsc915526. CVE-2013-7423 - Fixed buffer overflow in wscanf bsc916222 These non-security issues have been fixed:...

CVSS 7.8 | AI score 7.7 | EPSS 0.07688
Exploits 5 | References 13

OpenVAS
added 2015/01/23 12:0 a.m. | 34 views

RedHat Update for glibc RHSA-2015:0016-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 8.2 | EPSS 0.06564
Exploits 1 | References 2

Tenable Nessus
added 2015/01/08 12:0 a.m. | 45 views

CentOS 6 : glibc (CESA-2015:0016)

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 5 | AI score 8.2 | EPSS 0.06564
Exploits 1 | References 3

Amazon
added 2015/01/08 12:0 a.m. | 57 views

Medium: glibc

Issue Overview: An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. CVE-2014-6040 It was fou...

CVSS 5 | AI score 9.2 | EPSS 0.06564
Exploits 1 | References 1

Cent OS
added 2015/01/07 10:45 p.m. | 86 views

glibc, nscd security update

CentOS Errata and Security Advisory CESA-2015:0016 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

CVSS 5 | AI score 7.2 | EPSS 0.06564
Exploits 1 | References 7

RedHat Linux
added 2015/01/07 5:17 p.m. | 8 views

glibc: command execution in wordexp() with WRDE_NOCMD specified

It was found that the wordexp function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...

CVSS 4.6 | AI score 7.6 | EPSS 0.00578
Exploits 0 | References 4

Oracle linux
added 2015/01/07 12:0 a.m. | 47 views

glibc security and bug fix update

2.12-1.149.4 - Fix recursive dlopen 1173469. 2.12-1.149.3 - Fix typo in ressend and resquery rh1172023. 2.12-1.149.2 - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, 1139571. 2.12-1.149.1 - Fix wordexp to honour WRDE_NOCMD CVE-2014-7817, 1170121...

CVSS 5 | AI score 0.8 | EPSS 0.06564
Exploits 1

RedHat Linux
added 2014/12/18 8:31 p.m. | 3 views

glibc: command execution in wordexp() with WRDE_NOCMD specified

It was found that the wordexp function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...

CVSS 4.6 | AI score 7.6 | EPSS 0.00578
Exploits 0 | References 4

Oracle linux
added 2014/12/18 12:0 a.m. | 51 views

glibc security and bug fix update

2.17-55.0.4.el70.3 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. Jose E. Marchesi 2.17-55.3 - Fix wordexp to honour WRDE_NOCMD CVE-2014-7817, 1170118...

CVSS 7.5 | AI score 1.6 | EPSS 0.18099
Exploits 4

Tenable Nessus
added 2014/12/04 12:0 a.m. | 41 views

Ubuntu 14.04 LTS : GNU C Library vulnerabilities (USN-2432-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2432-1 advisory. Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could...

CVSS 5 | AI score 8.6 | EPSS 0.06564
Exploits 2 | References 4

OSV
added 2014/12/03 6:26 p.m. | 6 views

USN-2432-1 eglibc, glibc vulnerabilities

Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12....

CVSS 5 | AI score 7.4 | EPSS 0.06564
Exploits 2 | References 4

securityvulns
added 2014/11/30 12:0 a.m. | 30 views

GNU glibc code execution

wordexp function code execution...

CVSS 4.6 | AI score 1.7 | EPSS 0.00578
Exploits 0 | References 1 | Affected Software 1

Debian
added 2014/11/29 6:51 p.m. | 37 views

[SECURITY] [DLA 97-1] eglibc security update

Package : eglibc Version : 2.11.3-4+deb6u2 CVE ID : CVE-2012-6656 CVE-2014-6040 CVE-2014-7817 CVE-2012-6656 Fix validation check when converting from ibm930 to utf. When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character "0xffff" is specified, then iconv...

CVSS 5 | AI score 8 | EPSS 0.06564
Exploits 2

OSV
added 2014/11/29 12:0 a.m. | 33 views

DLA-97-1 eglibc - security update

Bulletin has no description...

CVSS 5 | AI score 6.5 | EPSS 0.06564
Exploits 2