3202 matches found
Unauthorised File Deletion Via Symlink
Ruby is vulnerable to unauthorised file deletion via symlink. It is possible to directory using symlink when decompressing tar...
Fedora Update for libmspack FEDORA-2018-a5953af115
The remote host is missing an update for the...
CVE-2018-20819
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads...
openSUSE Security Update : libarchive (openSUSE-2019-1196)
This update for libarchive fixes the following issues : Security issues fixed : - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) - CVE-2018-1000879: Fixed a NULL pointer Dereference...
OPENSUSE-SU-2019:1196-1 Security update for libarchive
This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) - CVE-2018-1000879: Fixed a NULL Pointer Dereference...
Security update for libarchive (moderate)
openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:1196-1 Rating: moderate References: 1120653 1120654 1120656 1120659 1124341 1124342 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879 CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020...
Vulnerability in the libmspack library and the CAB-file decompression utility cabextract, which allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability in the libmspack library (mspack/cab.h) and in the cabextract CAB-file decompression utility is related to a memory buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause system failures remotely...
SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:0831-1)
This update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653) CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654) CVE-2018-1000879: Fixed a NULL pointer Dereference...
Long Range Zip Denial of Service Vulnerability (CNVD-2019-14257)
Long Range Zip (a.k.a. lrzip) is an open source compression utility for large file compression. LZO is one of the lossless data compression algorithms used in... A security vulnerability exists in the 'lzo1x_decompress' function in the liblzo2.so.2 file of LZO version 2.10 used in lrzip version 0.631...
WinRAR has a major long-standing vulnerability that lets hackers implant malicious programs in the boot process - vulnerability warning - the black bar safety net
The foreign security firm Check Point disclosed that the well-known compression software WinRAR contains a long-standing security vulnerability. Once it is exploited, hackers could implant a malicious program in the user's computer through a boot program. The vulnerability has existed since 2005. WinRAR...
[SECURITY] [DLA 1668-1] libarchive security update
Package : libarchive Version : 3.1.2-11+deb8u7 CVE ID : CVE-2019-1000019 CVE-2019-1000020 Fuzzing found two further file-format specific issues in libarchive, a read-only segfault in 7z, and an infinite loop in ISO9660. CVE-2019-1000019 Out-of-bounds Read vulnerability in 7zip decompression, that...
Debian: Security Advisory (DLA-1668-1)
The remote host is missing an update for the Debian...
CVE-2019-1000019
CVE-2019-1000019 concerns libarchive’s 7z decompression path. Affected versions (from release v3.0.2 onward) contain a CWE-125 Out-of-bounds Read in archive_read_support_format_7zip.c header_bytes(), exploitable by opening a specially crafted 7zip file and causing a crash/DoS. Public reports conf...
UBUNTU-CVE-2019-1000019
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be...
UBUNTU-CVE-2019-6988
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress...
Arbitrary File Write
bower is vulnerable to arbitrary file write attacks. The vulnerability exists as it fails to restrict extracting files that are referencing symbolic links, allowing arbitrary files to be written during decompression...
The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service...
Wireshark 2.6.x < 2.6.2 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.2 advisory. - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This...
Directory Traversal
rdf4j-util is vulnerable to directory traversal. An attacker is able to overwrite arbitrary files using the characters ../ as an entry in a ZIP archive. The overwrite occurs during decompressing of the ZIP file...
FreeRDP Buffer Overflow Vulnerability (CNVD-2019-00653)
FreeRDP is a free, open source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. A heap buffer overflow vulnerability exists in the 'zgfx_decompress' function in versions of FreeRDP prior to 2.0.0-rc4, which can be exploited by a remote attacker to cause a denial of...