36 matches found
EUVD-2004-2634
Malware in sbrugna...
EUVD-2008-0799
Malware in sbrugna...
EUVD-2009-2538
Malware in sbrugna...
EUVD-2009-1778
Malware in sbrugna...
EUVD-2015-4490
Malware in sbrugna...
EUVD-2014-9538
Malware in sbrugna...
SUSE CVE-2014-9732
The cabdextract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted CAB...
SUSE CVE-2015-4470
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CAB archive...
CVE-2022-30262
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
Design/Logic Flaw
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
CVE-2022-30262
The CVE-2022-30262 entry concerns Emerson ControlWave ‘Next Generation’ RTUs (through 2022-05-02) with firmware updates transmitted over BSAP-IP. The vulnerability is insufficient verification of data authenticity: firmware images in CAB archives are not authenticated (no signing) and rely on ins...
CVE-2019-16511
An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file even with a ../ sequence is...
SUSE SLED12 / SLES12 Security Update : libmspack (SUSE-SU-2016:0011-1)
libmspack was updated to fix security issues. These security issues were fixed : - CVE-2014-9732: The cabdextract function in cabd.c in libmspack did not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allowed remote attackers to cause ...
DEBIAN-CVE-2015-4471
Off-by-one error in the lzxddecompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer under-read and application crash via a crafted CAB archive...
DEBIAN-CVE-2015-4470
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CAB archive...
Design/Logic Flaw
Off-by-one error in the lzxddecompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer under-read and application crash via a crafted CAB archive...
Design/Logic Flaw
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CAB archive...
DEBIAN-CVE-2014-9732
The cabdextract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted CAB...
CVE-2015-4470
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CAB archive...
CVE-2015-4470
CVE-2015-4470 is an off-by-one error in the inflate function (mszipd.c) of libmspack prior to 0.5, enabling remote DoS (buffer over-read) via a crafted CAB archive. Several advisories note fixes in libmspack via SUSE security updates (e.g., SUSE-SU-2015/2016-1x) addressing this and related CVEs (...