📄 Voyager 1.8.0 Arbitrary File Upload

Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...

K55121327: GnuPG vulnerability CVE-2018-12020

Security Advisory Description mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example,...

SUSE CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represen...

Spoofable Output

gnupg2 is vulnerable to spoofable output attacks. The vulnerability exists as mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs tha...

gnupg2 security update

2.0.14-9 - fix CVE-2018-12020 - missing sanitization of original filename...

USN-3675-2 gnupg2 vulnerability

USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not...

CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represen...

PT-2018-2214 · Gnu +5 · Gnupg +5

Name of the Vulnerable Software and Affected Versions: GnuPG versions prior to 2.2.8 Description: The issue is related to the mishandling of the original filename during decryption and verification actions in the mainproc.c component. This allows remote attackers to spoof output sent to other...

DEBIAN-CVE-2005-1228

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. dot dot in the original filename within a compressed file...