18 matches found
EUVD-2014-0085
Malware in sbrugna...
Malicious code in cloud-binary (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cbe7d6cc6be5cf0a2d185309e6f0adc10eaeb825f7177874f19cbb09a6ed7e1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-27091
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence...
Gentoo Portage does not verify X.509 certificates from SSL servers
The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...
GHSA-8823-XPHR-QW9V Gentoo Portage does not verify X.509 certificates from SSL servers
The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...
Evilginx v2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide...
openSUSE Security Update : dpkg (openSUSE-2017-549)
This update for dpkg fixes the following issues: This security issue was fixed: - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an...
SUSE SLED12 / SLES12 Security Update : dpkg (SUSE-SU-2017:1096-1)
This update for dpkg fixes the following issues: This security issue was fixed: - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an...
CVE-2016-9085
Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors...
MGASA-2015-0482 Updated dpkg packages fix CVE-2015-0860
Updated dpkg packages fix security vulnerability: Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary...
Updated dpkg packages fix CVE-2015-0860
Updated dpkg packages fix security vulnerability: Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary...
Stack overflow
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...
USN-2820-1 dpkg vulnerability
Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code...
[SECURITY] [DSA 3407-1] dpkg security update
Debian Security Advisory DSA-3407-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 26, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3407-1] dpkg security update
Debian Security Advisory DSA-3407-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 26, 2015 https://www.debian.org/security/faq -...
DSA-3407-1 dpkg - security update
Bulletin has no description...
CVE-2013-2100
The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...
CVE-2012-3380
Directory traversal vulnerability in naxsi-ui/nxextract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors...