Lucene search
K

10 matches found

OSV
OSV
•added 2022/11/29 2:58 p.m.•3 views

SUSE-SU-2022:4287-1 Security update for libmspack

This update for libmspack fixes the following issues: - CVE-2018-18586: Add leading slash protection to chmextract. bsc1113040...

5.3CVSS5.6AI score0.03284EPSS
Exploits1References3
OpenVAS
OpenVAS
•added 2022/01/28 12:0 a.m.•29 views

Mageia: Security Advisory (MGASA-2018-0455)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.7AI score0.03806EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
•added 2022/01/14 12:0 a.m.•26 views

SUSE SLED15 / SLES15 Security Update : libmspack (SUSE-SU-2022:0069-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0069-1 advisory. - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection bsc1113040...

5.3CVSS6.4AI score0.03284EPSS
Exploits1References4
OSV
OSV
•added 2022/01/13 2:12 p.m.•2 views

SUSE-SU-2022:0069-1 Security update for libmspack

This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection bsc1113040...

5.3CVSS5.7AI score0.03284EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
•added 2022/01/13 12:0 a.m.•22 views

Security update for libmspack (low)

openSUSE Security Update: Security update for libmspack Announcement ID: openSUSE-SU-2022:0069-1 Rating: low References: 1113040 Cross-References: CVE-2018-18586 CVSS scores: CVE-2018-18586 NVD : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: openSUSE Leap 15.3 An update that...

5.3CVSS5.8AI score0.03284EPSS
Exploits1References1
OpenVAS
OpenVAS
•added 2020/01/23 12:0 a.m.•24 views

Huawei EulerOS: Security Advisory for libmspack (EulerOS-SA-2019-2534)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.9AI score0.03284EPSS
Exploits2References2
OpenVAS
OpenVAS
•added 2020/01/23 12:0 a.m.•25 views

Huawei EulerOS: Security Advisory for libmspack (EulerOS-SA-2020-1014)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.7AI score0.03284EPSS
Exploits1References2
OSV
OSV
•added 2018/10/23 2:29 a.m.•4 views

CVE-2018-18586

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...

5.3CVSS5.5AI score
Exploits0References4
CVE
CVE
•added 2018/10/23 2:0 a.m.•125 views

CVE-2018-18586

CVE-2018-18586 affects libmspack (chmextract.c). The issue is directory traversal via absolute/relative CHM file paths due to insufficient path protection. OpenSUSE/SUSE advisories fix by adding anti-’../’ and leading-slash checks (e.g., libmspack-devel-0.11-2 and related patches). Exploitation d...

5.3CVSS4.8AI score0.03284EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
•added 2018/10/23 2:0 a.m.•20 views

CVE-2018-18586

chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...

5.3CVSS5.6AI score0.03284EPSS
Exploits1
Rows per page
Query Builder