Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2020.1689
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2020-1689)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'edk2' package(s) announced via the EulerOS-SA-2020-1689 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'edk2' package(s) announced via the EulerOS-SA-2020-1689 advisory. Vulnerability Insight: Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.(CVE-2014-1912) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-14575) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-14559) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-14563) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-14553) Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function.(CVE-2014-7185) Affected Software/OS: 'edk2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1912 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 65379 http://www.securityfocus.com/bid/65379 Debian Security Information: DSA-2880 (Google Search) http://www.debian.org/security/2014/dsa-2880 http://www.exploit-db.com/exploits/31875 https://security.gentoo.org/glsa/201503-10 http://pastebin.com/raw.php?i=GHXSmNEg https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/ http://www.openwall.com/lists/oss-security/2014/02/12/16 RedHat Security Advisories: RHSA-2015:1064 http://rhn.redhat.com/errata/RHSA-2015-1064.html RedHat Security Advisories: RHSA-2015:1330 http://rhn.redhat.com/errata/RHSA-2015-1330.html http://www.securitytracker.com/id/1029831 SuSE Security Announcement: openSUSE-SU-2014:0518 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html SuSE Security Announcement: openSUSE-SU-2014:0597 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html http://www.ubuntu.com/usn/USN-2125-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7185 BugTraq ID: 70089 http://www.securityfocus.com/bid/70089 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html http://www.openwall.com/lists/oss-security/2014/09/23/5 http://www.openwall.com/lists/oss-security/2014/09/25/47 SuSE Security Announcement: openSUSE-SU-2014:1292 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html XForce ISS Database: python-bufferobject-overflow(96193) https://exchange.xforce.ibmcloud.com/vulnerabilities/96193
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.