12 matches found
EUVD-2024-0035
Malicious code in bioql PyPI...
Fedora 40 : diffoscope (2024-29ffe7d0ff)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-29ffe7d0ff advisory. Automatic update for diffoscope-257-1.fc40. Changelog Sun Feb 18 2024 Zbigniew Jdrzejewski-Szmek - 257-1 - Version 257 - Fixes rhbz2264736, CVE-2024-25711...
diffoscope Path Traversal vulnerability
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
PYSEC-2024-41
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
Fedora 39 : diffoscope (2024-3383326db4)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3383326db4 advisory. Small bugfix update incl. a CVE fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/idrsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted...
CVE-2024-25711
CVE-2024-25711 affects diffoscope before 256. The vulnerability arises from trusting the gpg --use-embedded-filenames option, enabling directory traversal via an embedded filename in a GPG file. Exploitation would disclose contents of arbitrary files (e.g., ../.ssh/id_rsa). Impact is information ...