3202 matches found
Debian dla-3236 : libopenexr-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3236 advisory. Debian LTS Advisory DLA-3236-1...
K15893: Apache HTTP server vulnerabilities CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, and CVE-2014-3523
Security Advisory Description. CVE-2014-0117: The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. CVE-2014-0118: The deflate_in_filter function...
USN-5777-2 pillow-python2 vulnerabilities
USN-5777-1 fixed vulnerabilities in Pillow Python 3. This update provides the corresponding updates for Pillow Python 2 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Pillow incorrectly handled the deletion of temporary files when using a temporary directory that contains...
USN-5777-1 pillow vulnerabilities
It was discovered that Pillow incorrectly handled the deletion of temporary files when using a temporary directory that contains spaces. An attacker could possibly use this issue to delete arbitrary files. This issue only affected Ubuntu 20.04 LTS. CVE-2022-24303 It was discovered that Pillow...
CVE-2022-4402
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
Path traversal
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2022-4402 RainyGao DocSys ZIP File Decompression path traversal
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to...
PT-2022-27082 · Unknown · Rainygao Docsys
Name of the Vulnerable Software and Affected Versions: RainyGao DocSys version 2.02.37. Description: A critical vulnerability has been found in the ZIP File Decompression Handler component of RainyGao DocSys. The issue allows for path traversal, specifically using '../filedir', and can be initiate...
Amazon Linux AMI : curl (ALAS-2022-1646)
The version of curl installed on the remote host is prior to 7.61.1-12.101. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1646 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly...
curl: HTTP compression denial of service
A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...
OS Command Injection
nadesiko3 is vulnerable to OS command injection. The vulnerability exists due to compression and decompression which allows an attacker to inject and execute arbitrary commands...
GHSA-M8R5-7WF4-63MW Nadesiko3 OS Command Injection vulnerability
OS command injection vulnerability in Nadesiko3 PC Version v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The...
Nadesiko3 OS Command Injection vulnerability
OS command injection vulnerability in Nadesiko3 PC Version v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The...
CVE-2022-41642
OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...
Command injection
OS command injection vulnerability in Nadesiko3 PC Version v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...
PT-2022-25999 · Nadesiko3 · Nadesiko3
Name of the Vulnerable Software and Affected Versions: Nadesiko3 PC Version versions 3.3.61 and earlier; Nadesiko3 PC Version versions 3.3.68 and earlier. Description: The issue allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product...
CVE-2022-45198
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification)...