287 matches found
SUSE: Security Advisory (SUSE-SU-2017:2873-1)
The remote host is missing an update for the...
CVE-2018-18312
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations...
Amazon Linux AMI : php7-pear (ALAS-2021-1481)
The version of php7-pear installed on the remote host is prior to 1.10.12-5.32. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1481 advisory. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic...
[ASA-202102-7] nextcloud: directory traversal
Arch Linux Security Advisory ASA-202102-7. Severity: Medium; Date: 2021-02-06; CVE-ID: CVE-2020-36193; Package: nextcloud; Type: directory traversal; Remote: Yes; Link: https://security.archlinux.org/AVG-1464. Summary: The package nextcloud before...
Updated php-pear packages fix a security vulnerability
The updated php-pear packages fix a security vulnerability in component Archivetar, a symlink out-of-path write vulnerability. Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. CVE-2020-36193...
CVE-2020-36193
Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...
Directory traversal
Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...
CVE-2020-36193
CVE-2020-36193 affects PHP’s PEAR Archive_Tar up to version 1.4.11. The root cause is inadequate checking of symbolic links, enabling directory traversal for write operations inside an archive. This is a related issue to CVE-2020-28948. Mitigation: upgrade Archive_Tar to 1.4.14 or l...
CVE-2020-36193
Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...
CVE-2020-36193
Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. Recent assessments: Assessed Attacker Value: 0...
EulerOS Virtualization for ARM 64 3.0.6.0 : libXrandr (EulerOS-SA-2020-2005)
According to the versions of the libXrandr package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging...
Denial Of Service (DoS)
QEMU is vulnerable to denial of service. An integer overflow in the SM501 display driver implementation allows an attacker to crash the QEMU process in sm501_2d_operation in hw/display/sm501.c on the host. The vulnerability exists in the COPY_AREA macro while handling MMIO write operations through t...
CVE-2020-25016
A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to, for example, dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations...
Teltonika TRB245 Improper Access Control Vulnerability
Teltonika TRB245 is a cellular network gateway product from Teltonika Lithuania. An improper access control vulnerability exists in firmware TRB2R00.02.04.01 of the Teltonika TRB245. The vulnerability stems from improper access control. An attacker could exploit the vulnerability to perform...
CVE-2020-11869
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write callback. A malicious guest could abuse this flaw to crash the QEMU...
CVE-2020-11869
An integer overflow flaw was found in QEMU in the way it implemented the ATI VGA emulation. This flaw occurs in the ati_2d_blt routine while handling MMIO write operations through the ati_mm_write callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of servic...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. The ext2 and ext3 filesystem code failed to properly handle corrupted data structures, leading to a possible local denial of service issue when read or write operations were performed...
CVE-2017-18648
An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017)...
CVE-2018-18314
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations...
CVE-2019-19273
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265...