libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header

A flaw was found in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

Linux Distros Unpatched Vulnerability : CVE-2019-7282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The...

SUSE CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

SUSE CVE-2019-25018

In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT...

golang: archive/zip: Reader.Open panics on empty string

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open the API implementing io/fs.FS introduced in Go 1.16 can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...

golang: archive/zip: Reader.Open panics on empty string

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open the API implementing io/fs.FS introduced in Go 1.16 can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...

golang: archive/zip: Reader.Open panics on empty string

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open the API implementing io/fs.FS introduced in Go 1.16 can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument...

CVE-2021-41772

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...

CVE-2021-41772

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field...

DEBIAN-CVE-2020-36254

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

ALPINE-CVE-2020-36254

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

UBUNTU-CVE-2020-36254

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

CVE-2020-36254

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685...

PT-2021-11987 · Dropbear +1 · Dropbear +1

Name of the Vulnerable Software and Affected Versions: Dropbear versions prior to 2020.79 Description: The issue is related to the handling of filenames in scp.c, specifically with . or an empty filename. This is a related issue to a previously known problem. Recommendations: For versions prior t...

SUSE-SU-2020:2711-1 Security update for libmspack

This update for libmspack fixes the following issues: Security issues fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure bsc1141680. - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal...

VulnCheck KEV: CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

openssh: scp client improper directory name validation

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...

UBUNTU-CVE-2019-7282

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685...

DEBIAN-CVE-2019-7282

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685...

DEBIAN-CVE-2018-20685

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...