42 matches found
OESA-2024-1398 rubygem-tzinfo security update
TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...
OESA-2024-1399 rubygem-tzinfo security update
TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...
SUSE CVE-2006-4111
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...
SUSE CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
DEBIAN-CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
Path traversal
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2020-6787
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same...
UBUNTU-CVE-2020-14212
FFmpeg through 4.3 has a heap-based buffer overflow in aviogetstr in libavformat/aviobuf.c because dnnbackendnative.c calls ffdnnloadmodelnative and a certain index check is omitted...
Scada-os Configuration Software dll Hijacking Vulnerability
Scada-os is a SCADA system developed by several SCADA configuration software engineers. The TsStudio.exe component of the Scada-os configuration software is not safe to load library files, so an attacker can construct a malicious application and place it in a specific path, which will allow the...
autofs: priv escalation via interpreter load path for program based automount maps
It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system...
SUSE SLED12 / SLES12 Security Update : autofs (SUSE-SU-2015:1020-1)
autofs was updated to fix one security issue. This security issue was fixed : - CVE-2014-8169: Prevent potential privilege escalation via interpreter load path for program-based automount maps bnc917977. The update package also includes non-security fixes. See advisory for details. Note that...
openSUSE Security Update : autofs (openSUSE-2015-220)
The automount service autofs was updated to prevent a potential privilege escalation via interpreter load path for program-based automount maps. bsc917977 CVE-2014-8169 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian Security Advisory DSA 2324-1 (wireshark)
The remote host is missing an update to wireshark announced via advisory DSA 2324-1. OpenVAS Vulnerability Test $Id: deb23241.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2324-1 wireshark Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian: Security Advisory (DSA-2324-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2339-1 : nss - several vulnerabilities
This update to the NSS cryptographic libraries revokes the trust in the'DigiCert Sdn. Bhd' certificate authority. More information can be found in the Mozilla Security Blog. This update also fixes an insecure load path for pkcs11.txt configuration file CVE-2011-3640 . %NASLMINLEVEL 70300 C Tenabl...
Debian DSA-2324-1 : wireshark - programming error
The Microsoft Vulnerability Research group discovered that insecure load path handling could lead to execution of arbitrary Lua script code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Windows Vista / 7 lpksetup. exe the DLL-hijacking-vulnerability warning-the black bar safety net
/ Exploit: Windows Vista/7 lpksetup.exe oci.dll DLL Hijacking Vulnerability Extension: the . mlc Author: Tyler Borland [email protected] Date: 10/20/2010 Tested on: Windows 7 Ultimate Windows Vista Ultimate/Enterpries and Windows 7 Enterprise should be vulnerable as well Effect: Remote Code...