Lucene search
K

138 matches found

Positive Technologies
Positive Technologies
added 2023/03/05 12:0 a.m.4 views

PT-2023-1670

Name of the Vulnerable Software and Affected Versions debian-goodies version 0.88.1 Description The issue is related to the debmany function in the debian-goodies package, which allows attackers to execute arbitrary shell commands due to an eval call. This can be achieved via a crafted .deb file...

7.8CVSS7.4AI score0.00446EPSS
Exploits0References16
CVE
CVE
added 2023/03/05 12:0 a.m.86 views

CVE-2023-27635

CVE-2023-27635 affects debmany in Debian Goodies 0.88.1. The root cause is an eval call that allows an attacker to execute arbitrary shell commands via a crafted .deb file, with the file path shown to the user before execution. This yields a local attack vector with user interaction required (per...

7.8CVSS7.7AI score0.00446EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/05 12:0 a.m.5 views

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

7.9AI score0.00446EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/05 12:0 a.m.44 views

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

8AI score0.00446EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:22 a.m.4 views

SUSE CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which trigger...

7.5CVSS8.3AI score0.05035EPSS
Exploits0References5
Kitploit
Kitploit
added 2022/05/24 8:0 p.m.22 views

Reposaur - The Open Source Compliance Tool For Development Platforms

Reposaur is the open sourcecompliance tool for development platforms. Audit, verify and report on your data and configurations easily with pre-defined and/or custom policies. Supports GitHub. GitLab, BitBucket and Gitea support soon. Getting Started Have you ever felt like you don't know what's...

7.3AI score
Exploits0References13
OSV
OSV
added 2022/05/17 7:57 p.m.52 views

GHSA-5XM4-JMPW-P6J3 Ansible discloses credential information

Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the deb...

6.8CVSS5.1AI score0.0038EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/17 7:57 p.m.26 views

Ansible discloses credential information

Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the deb...

5.5CVSS6.3AI score0.0038EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/15 12:0 a.m.96 views

Apache OpenOffice < 4.1.11 Multiple Vulnerabilities

he version of Apache OpenOffice installed on the remote host is a version prior to 4.1.11. It is, therefore, affected by multiple vulnerabilities : - Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a 'Billion Laughs' entity expansion...

7.8CVSS8AI score0.50563EPSS
Exploits1References13
CNVD
CNVD
added 2021/10/13 12:0 a.m.63 views

Apache OpenOffice Access Control Error Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An Access Control Error vulnerability exists in Apache OpenOffice version 4.1.8, which stems from th...

7.8CVSS7.5AI score0.00545EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2021/10/12 11:32 a.m.15 views

deb-online.de Improper Access Control vulnerability OBB-2162515

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.1AI score
Exploits0
NVD
NVD
added 2021/10/07 4:15 p.m.33 views

CVE-2021-28129

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. User...

7.8CVSS0.00545EPSS
Exploits0References3
Prion
Prion
added 2021/10/07 4:15 p.m.311 views

Design/Logic Flaw

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. User...

4.6CVSS7.5AI score0.00545EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/10/07 3:50 p.m.69 views

CVE-2021-28129

CVE-2021-28129 concerns the OpenOffice DEB package for version 4.1.8, where installation did not run as root but used UID/GID 500. This mispackaging could enable a crafted attack on files owned by that user/group if such files exist, potentially affecting desktop integration and local file owners...

7.8CVSS7.6AI score0.00545EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/10/07 3:50 p.m.47 views

CVE-2021-28129 DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid

While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. User...

7.8AI score0.00545EPSS
Exploits0References3
Kitploit
Kitploit
added 2021/08/13 12:30 p.m.66 views

jwtXploiter - A Tool To Test Security Of Json Web Token

A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims kid, jku, x5u Verify a token Retrieve the public key of your target's ssl connection and try to use it in a key...

7.6AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/24 12:0 a.m.29 views

openSUSE: Security Advisory for salt (openSUSE-SU-2021:0899-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.4AI score0.96405EPSS
Exploits29References4
RedhatCVE
RedhatCVE
added 2021/04/30 1:1 p.m.20 views

CVE-2020-27350

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0...

5.7CVSS6.1AI score0.00377EPSS
Exploits0References1
NVD
NVD
added 2020/12/10 4:15 a.m.16 views

CVE-2020-27350

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0...

5.7CVSS5.4AI score0.00377EPSS
Exploits0References4
OSV
OSV
added 2020/12/10 4:15 a.m.2 views

DEBIAN-CVE-2020-27350

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0...

5.7CVSS5.7AI score0.00377EPSS
Exploits0References1
Rows per page
Query Builder