9 matches found
Mageia: Security Advisory (MGASA-2019-0367)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2748-1] tnef security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2748-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz August 23, 2021 https://wiki.debian.org/LTS -...
Ubuntu: Security Advisory (USN-4524-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS : TNEF vulnerabilities (USN-4524-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4524-1 advisory. Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibl...
Fedora Update for tnef FEDORA-2019-5f14b810f8
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 30 : tnef (2019-5f14b810f8)
tnef release 1.4.18. ==================== Security release to resolve CVE-2019-18849 in which it may be possible to attack via a crafted email message extracted via tnef. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system websit...
Fedora 31 : tnef (2019-815807c020)
tnef release 1.4.18. ==================== Security release to resolve CVE-2019-18849 in which it may be possible to attack via a crafted email message extracted via tnef. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system websit...
CVE-2019-18849
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...
CVE-2019-18849
CVE-2019-18849 affects tnef up to version 1.4.18. The vulnerability is a heap-based buffer over-read involving strdup in handling crafted winmail.dat attachments, which could allow an attacker to write to the victim's .ssh/authorized_keys. Multiple advisories confirm the fix in tnef 1.4.18 across...