CVE-2021-26567
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options...
PT-2021-17045 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: faad2 versions prior to 2.2.7.1 faad in Synology DiskStation Manager DSM versions prior to 6.2.3-25426-3 Description: The issue is related to a stack-based buffer overflow vulnerability and the use of unmaintained third-party components. This...
PT-2021-17317 · Visualware · Visualware Myconnection Server
Name of the Vulnerable Software and Affected Versions: Visualware MyConnection Server versions prior to 11.1a Description: An issue was discovered in Visualware MyConnection Server that allows Unauthenticated Remote Code Execution via Arbitrary File Upload in the web service when using a...
CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
DEBIAN-CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
ALPINE-CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
Sql injection
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
UBUNTU-CVE-2020-36254
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...
Perth Dropbear Security Vulnerability
Perth Dropbear is a lightweight SSH server/client software from the University of Perth, Australia that is primarily used in embedded devices. A security vulnerability exists in Dropbear before 2020.79 that stems from incorrectly processed filenames, or empty filenames...
PT-2021-11987 · Dropbear +1 · Dropbear +1
Name of the Vulnerable Software and Affected Versions: Dropbear versions prior to 2020.79 Description: The issue is related to the handling of filenames in scp.c, specifically with . or an empty filename. This is a related issue to a previously known problem. Recommendations: For versions prior t...
Buffer overflow
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh extension 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling...
CVE-2020-24175
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh extension 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling...
IZArc Yz1 Buffer Error Vulnerability
IZArc Yz1 is an application for the Chinese IZArc community. It provides compression and decompression functionality. A buffer error vulnerability exists in Yz1 0.30 and 0.32, which can be exploited by an attacker to execute arbitrary code via a crafted archive file related to filename handling...
SUSE SLES12 Security Update : krb5-appl (SUSE-SU-2021:0527-1)
This update for krb5-appl fixes the following issues : CVE-2019-25017: Check the filenames sent by the server match those requested by the client bsc1131109. CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory bsc1131109. Note that Tenable Network Security...
SUSE-SU-2021:0527-1 Security update for krb5-appl
This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client bsc1131109. - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory bsc1131109...
Arbitrary file deletion
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...