Lucene search
+L

34 matches found

nessus
nessus
added 2026/05/11 12:0 a.m.21 views

Ubuntu 24.04 LTS / 25.10 : dpkg vulnerability (USN-8249-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8249-1 advisory. Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were trick...

7.5CVSS5.9AI score0.00418EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.16 views

PT-2026-39177

Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding,...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/03/09 1:20 p.m.7 views

CVE-2026-2219

A flaw was found in dpkg-deb, a component of the Debian package management system. This vulnerability allows a local user to trigger a Denial of Service DoS by providing a specially crafted zstd-compressed .deb archive. The flaw occurs because dpkg-deb does not properly validate the end of the da...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References2
euvd
euvd
added 2026/03/07 9:30 a.m.9 views

EUVD-2026-10138

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

5.8AI score0.00418EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/07 8:10 a.m.5 views

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

5.8AI score0.00418EPSS
Exploits0References3Affected Software1
debiancve
debiancve
added 2026/03/07 8:10 a.m.8 views

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

7.5CVSS5.2AI score0.00418EPSS
Exploits0
cvelist
cvelist
added 2026/03/07 8:10 a.m.43 views

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

0.00418EPSS
Exploits0References2
osv
osv
added 2026/03/07 8:10 a.m.8 views

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2026/03/07 8:10 a.m.10 views

CVE-2026-2219

It was discovered that dpkg-deb a component of dpkg, the Debian package management system does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service infinite loop spinning the CPU...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.9 views

dpkg-deb 安全漏洞

dpkg-deb is a package manager in Linux developed by the Debian community. dpkg-deb has a security vulnerability that stems from improper validation of the end of the data stream when decompressing.deb archives compressed with zstd, which could lead to a denial-of-service attack...

7.5CVSS5.8AI score0.00418EPSS
Exploits0References2
astralinux
astralinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in dpkg

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory. This behavior is documented as being a safe operation even on untrusted data. This may result in temporary files being left behind during cleanup. Given...

8.2CVSS7.1AI score0.00341EPSS
Exploits0References3
nessus
nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: dpkg (TSSA-2025:0522)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0522 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References2
osv
osv
added 2025/10/09 3:49 p.m.9 views

CLSA-2025-1760024944 Fix CVE(s): CVE-2025-6297

SECURITY UPDATE: Fix directory cleanup vulnerability - dpkg-deb/info.c: Fix cleanup for control member with restricted directories - Add treewalk to set proper permissions before removal for non-root users - CVE-2025-6297...

8.2CVSS7.3AI score0.00341EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-0871

Malware in sbrugna...

7.5CVSS9.2AI score0.05035EPSS
Exploits0References11
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19670

Malicious code in bioql PyPI...

8.2CVSS6.2AI score0.00341EPSS
Exploits0References1
osv
osv
added 2025/07/01 5:15 p.m.5 views

DEBIAN-CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

8.2CVSS8AI score0.00341EPSS
Exploits0References1
osv
osv
added 2025/07/01 5:15 p.m.8 views

AZL-64641 CVE-2025-6297 affecting package dpkg 1.20.10-1

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

8.2CVSS7.5AI score0.00341EPSS
Exploits0References1
osv
osv
added 2025/07/01 5:15 p.m.3 views

UBUNTU-CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

8.2CVSS7.4AI score0.00341EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/07/01 4:16 p.m.3 views

CVE-2025-6297 dpkg-deb: Fix cleanup for control member with restricted directories

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

7.4AI score0.00341EPSS
Exploits0References1
cvelist
cvelist
added 2025/07/01 4:16 p.m.26 views

CVE-2025-6297 dpkg-deb: Fix cleanup for control member with restricted directories

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...

0.00341EPSS
Exploits0References1
Rows per page
Query Builder