38 matches found
MiracleLinux 8 : gegl04-0.4.4-6.el8.2 (AXSA:2022-2998:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2998:01 advisory. gegl: shell expansion via a crafted pathname (CVE-2021-45463). Tenable has extracted the preceding description block directly from the MiracleLinux security...
EUVD-2014-3472
Malware in sbrugna...
RHEL 8 : gegl04 (RHSA-2022:0177)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0177 advisory. GEGL (Generic Graphics Library) is a graph-based image processing framework. Security Fixes: gegl: shell expansion via a crafted pathname CVE-2021-4546...
gegl: shell expansion via a crafted pathname
Due to the use of the system command in the Magick-Load op used by gegl, an attacker is able to craft a command line path that can lead to the execution of arbitrary shell commands, which impacts availability, confidentiality and integrity...
Important: gegl04 security update
GEGL (Generic Graphics Library) is a graph-based image processing framework. Security Fixes: gegl: shell expansion via a crafted pathname (CVE-2021-45463). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE...
Important: Red Hat Security Advisory: gegl security update
An update for gegl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
gegl: shell expansion via a crafted pathname
Due to the use of the system command in the Magick-Load op used by gegl, an attacker is able to craft a command line path that can lead to the execution of arbitrary shell commands, which impacts availability, confidentiality and integrity...
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image, a heap buffer overflow can occur, resulting in memory disclosure, denial of service and even code execution.
...
CVE-2018-17421
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname...
CVE-2016-4532
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname...
Directory traversal
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
Design/Logic Flaw
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
CVE-2015-7070
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069...
Design/Logic Flaw
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070...
Design/Logic Flaw
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname...
Code injection
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname...
Design/Logic Flaw
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069...
CVE-2015-7063
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname...
CVE-2015-7063
The CVE-2015-7063 issue affects Apple macOS (OS X) EFI kernel loader prior to macOS 10.11.2. A local attacker can gain privileges through a crafted pathname, as described in the vulnerability summary. The impact is local privilege escalation, with the vulnerability rooted in EFI kernel-loader pat...