[SECURITY] Fedora 39 Update: diffoscope-257-1.fc39
diffoscope will try to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into more human readable form to compare them. It can compare two tarballs, ISO images, or PDF just as easily. The...
Fedora 39 : diffoscope (2024-3383326db4)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3383326db4 advisory. Small bugfix update incl. a CVE fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
Fedora: Security Advisory (FEDORA-2024-3383326db4)
The remote host is missing an update for the...
diffoscope security vulnerability
diffoscope is an open source tool for checking the similarities and differences of files or directories. A security vulnerability exists in versions prior to diffoscope 256 that stems from allowing directory traversal via file names embedded in GPG files...
SUSE CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
Directory Traversal
diffoscope is vulnerable to Directory Traversal. The vulnerability is due to the trusted value of the gpg --use-embedded-filenames option, which can be exploited by an attacker to disclose contents of arbitrary files, such as ../.ssh/id_rsa...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
SUSE CVE-2017-0359
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
Diffoscope may write to arbitrary locations due to an untrusted archive
diffoscope before 76 writes to arbitrary locations on disk based on the contents of an untrusted archive...
GHSA-8P5C-F328-9FVV Diffoscope may write to arbitrary locations due to an untrusted archive
diffoscope before 76 writes to arbitrary locations on disk based on the contents of an untrusted archive...
DEBIAN-CVE-2017-0359
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
CVE-2017-0359
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
PYSEC-2018-83
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
UBUNTU-CVE-2017-0359
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
Design/Logic Flaw
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
CVE-2017-0359 diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...
CVE-2017-0359
Diffoscope is vulnerable to arbitrary file overwrite: versions before 77-1 may write to arbitrary locations on disk based on untrusted archive contents. Upstream fix shipped in 77; advisories (Arch Linux ASA-201702-14, Fedora updates, Debian/CVE records) note upgrade to 77-1 or newer to mitigate....