Lucene search
+L

305 matches found

AlpineLinux
AlpineLinux
added 2018/11/16 6:0 p.m.54 views

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1CVSS7.7AI score0.07968EPSS
Exploits0
OSV
OSV
added 2018/10/26 12:0 a.m.11 views

UBUNTU-CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1CVSS6.7AI score0.07968EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/10/26 12:0 a.m.26 views

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1CVSS6.8AI score0.07968EPSS
Exploits0References3
OSV
OSV
added 2018/10/19 6:0 p.m.7 views

MGASA-2018-0406 Updated clamav packages fix security vulnerability

The updated clamav packages fix a security vulnerability: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service DoS condition on an affected device CVE-2018-15378...

5.5CVSS6.7AI score0.01315EPSS
Exploits0References3
Mageia
Mageia
added 2018/10/19 6:0 p.m.37 views

Updated clamav packages fix security vulnerability

The updated clamav packages fix a security vulnerability: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial-of-service DoS condition on an affected device CVE-2018-15378...

5.5CVSS3.6AI score0.01315EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.4 views

puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability...

5.5CVSS5.8AI score0.00363EPSS
Exploits0References4
OSV
OSV
added 2018/10/11 5:35 p.m.5 views

USN-3789-1 clamav vulnerability

It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...

5.5CVSS6.8AI score0.01315EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2018/08/27 12:0 a.m.61 views

Responsive FileManager < 9.13.4 - Directory Traversal

The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...

7.5CVSS6.4AI score0.45242EPSS
Exploits6
Fedora
Fedora
added 2018/08/08 4:11 p.m.10 views

[SECURITY] Fedora 28 Update: dpkg-1.18.25-1.fc28

This package provides the low-level infrastructure for handling the installation and removal of Debian software packages. This package contains the tools including dpkg-source required to unpack, build and upload Debian source packages. This package also contains the programs dpkg which used to...

2.6AI score
Exploits0
NVD
NVD
added 2018/06/01 6:29 p.m.31 views

CVE-2016-10631

jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if t...

9.3CVSS8.3AI score0.01682EPSS
Exploits0References1
CVE
CVE
added 2018/06/01 6:0 p.m.69 views

CVE-2016-10631

CVE-2016-10631 affects the jvminstall module, which downloads binaries over HTTP. The root cause is insecure HTTP downloads, enabling MITM interception and the possibility of swapping the binary with a poisoned one, potentially causing remote code execution if an attacker sits between the user an...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2018/03/27 3:0 p.m.65 views

Encryption 101: Decryptor’s thought process

In the previous parts 1, 2 and 3 of this series, we covered the basics of encryption, walked through a live example of a ransomware in detail, and talked about encryption weaknesses. In this part of the encryption 101 series, we will begin wrapping it up by going into detail on a ransomware with...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/02/20 12:0 a.m.39 views

openSUSE Security Update : rubygem-puppet (openSUSE-2018-174)

This update for rubygem-puppet fixes the following issues : - CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions...

5.5CVSS6.1AI score0.00363EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/12/15 12:21 p.m.54 views

Ruby: controlled buffer under-read in pack_unpack_internal()

Brief ----- There is a signedness error in the packunpackinternal, allowing the '@' type to trigger a buffer under-read when unpacking with a controlled format similar to format string implementation vulnerabilities. Code Vulnerability -------------------- Vulnerable version: 2.5.0 rc and prior...

5CVSS0.4AI score0.07825EPSS
Exploits0
Fedora
Fedora
added 2017/10/17 12:19 a.m.30 views

[SECURITY] Fedora 27 Update: tnef-1.4.15-1.fc27

This application provides a way to unpack Microsoft MS-TNEF MIME attachment s. It operates like tar in order to unpack files of type "application/ms-tnef", which may have been placed into the MS-TNEF attachment instead of being attached separately. Such files may have attachment names similar to...

9.8CVSS2.3AI score0.01934EPSS
Exploits0
Prion
Prion
added 2017/02/13 9:59 p.m.19 views

Directory traversal

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file...

6CVSS6.7AI score0.04458EPSS
Exploits4References3Affected Software1
Node.js
Node.js
added 2016/10/27 4:8 p.m.35 views

Local Privilege Escalation

Overview Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission t...

3.3CVSS3.1AI score0.00372EPSS
Exploits0Affected Software1
n0where
n0where
added 2016/09/04 9:21 p.m.46 views

Usermode Archive Sandbox: ZipJail

Usermode Archive Sandbox ZipJail is a usermode sandbox for unpacking archives using the unzip , rar , 7z , and unace utilities. Through the use of the tracy library it limits the attack surfaces to an absolute minimum in case a malicious archive tries to exploit known or unknown vulnerabilities i...

0.7AI score
Exploits0References1
0day.today
0day.today
added 2016/06/29 12:0 a.m.69 views

Symantec AntiVirus - Multiple Remote Memory Corruption Unpacking RAR

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=810 A major component of the Symantec Antivirus scan engine is the "Decomposer", responsible for unpacking various archive formats such as ZIP, RAR, and so on. The decomposer runs...

10CVSS9.2AI score0.18101EPSS
Exploits1
exploitpack
exploitpack
added 2016/06/29 12:0 a.m.30 views

Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions

Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=810 A major component of the Symantec Antivirus scan engine is the "Decomposer", responsible for unpacking various archive formats such as ZIP, RAR, and so on. T...

0.5AI score
Exploits0
Rows per page
Query Builder