23 matches found
Debian dla-3265 : exiv2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3265 advisory. Debian LTS Advisory DLA-3265-1 [email protected]...
[SECURITY] [DLA 3265-1] exiv2 security update
Debian LTS Advisory DLA-3265-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne January 10, 2023 https://wiki.debian.org/LTS Package : exiv2 Version : 0.25-4+deb10u4 CVE ID : CVE-2017-11591 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2017-18005...
CVE-2020-8976
creationtimestamp | type | source
---|---|---
2022-10-18 02:13:25+00:00 | seen | https://t.me/cibsecurity/51652...
SUSE SLED15 / SLES15 Security Update : exiv2 (SUSE-SU-2022:3598-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3598-1 advisory. - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure bsc1189333. -...
CVE-2020-8976 ZGR TPS200 Cross-Site Request Forgery (CSRF)
The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request...
CVE-2020-8976
CVE-2020-8976 affects ZGR TPS200 NG (firmware 2.00, hardware 1.01). The vulnerability allows a remote attacker to perform actions with the victim user’s permissions when the victim has an active session and triggers a malicious request (CSRF). Documented impacts include high/critical Confidential...
Low: exiv2
Issue Overview: An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image. By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of...
CentOS 7 : exiv2 (CESA-2019:2101)
An update for exiv2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Scientific Linux Security Update : exiv2 on SL7.x x86_64 (20190806)
The following packages have been upgraded to a later upstream version: exiv2 0.27.0. Security Fixes : - exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp CVE-2017-17724 - exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp CVE-2018-8976 - exiv2: inval...
HPE Moonshot Provisioning Manager Appliance Directory Traversal (CVE-2017-8976)
A directory traversal vulnerability exists in HPE Moonshot Provisioning Manager Appliance. The vulnerability is due to an input validation flaw when processing parameter. Successful exploitation could result in arbitrary code execution...
Fedora Update for exiv2 FEDORA-2018-871fa4d189
The remote host is missing an update for the...
Fedora Update for exiv2 FEDORA-2018-8b67a5c7e2
The remote host is missing an update for the...
CVE-2018-8976
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file...
CVE-2018-8976
CVE-2018-8976 affects Exiv2 0.26 and specifically the jpgimage.cpp code path. The vulnerability allows remote attackers to trigger a denial of service via a crafted image file, caused by an out-of-bounds read in Exiv2::Internal::stringFormat invoked from image processing. Public reports and advis...
CVE-2017-8976
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found...
CVE-2017-8976
The CVE concerns Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance prior to 1.22. A vulnerability in khuploadfile.cgi arises from improper validation of user-supplied data, enabling an unauthenticated, remote attacker to upload files and execute arbitrary code (remote code execut...
CVE-2014-8976
...