Malicious code in vcdiff-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d15d16ed1fc3a2984f207f6b4cf5fbea00fc66ecbf61a57faee650730aaf5c9d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-47811 Malicious code in vcdiff-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d15d16ed1fc3a2984f207f6b4cf5fbea00fc66ecbf61a57faee650730aaf5c9d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

SUSE CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

xdelta: User-assisted execution of arbitrary code

Background Xdelta is a C library and command-line tool for delta compression using VCDIFF/RFC 3284 streams. Description A buffer overflow can be triggered within xdelta when ran against a malicious input file. Impact A remote attacker could coerce the victim to run xdelta against a malicious inpu...

Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow Exploit

Exploit for linux platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=513 There's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format used in SDCH content encoding. This results in the parser parsing...

Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow

Source: https://code.google.com/p/google-security-research/issues/detail?id=513 There's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format used in SDCH content encoding. This results in the parser parsing outside of sane memory bounds when parsing the...

Mandriva Update for emacs MDVSA-2008:096 (emacs)

Check for the Version of emacs OpenVAS Vulnerability Test Mandriva Update for emacs MDVSA-2008:096 emacs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Update for emacs MDVSA-2008:096 (emacs)

Check for the Version of emacs OpenVAS Vulnerability Test Mandriva Update for emacs MDVSA-2008:096 emacs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Ubuntu: Security Advisory (USN-607-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for emacs21, emacs22 vulnerabilities USN-607-1

Ubuntu Update for Linux kernel vulnerabilities USN-607-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6071.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for emacs21, emacs22 vulnerabilities USN-607-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : emacs21, emacs22 vulnerabilities (USN-607-1)

It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. CVE-2007-6109 Steve Grubb...

emacs symbolic links vulnerability

vcdiff script insecure tamporary files creation...

GNU Emacs创建不安全临时文件漏洞

BUGTRAQ ID: 28857 CVECAN ID: CVE-2008-1694 Emacs是一个可扩展的实时显示编辑器。 Emacs的vcdiff工具（lib-src/vcdiff）以不安全的方式使用临时文件，这允许本地攻击者通过符号链接攻击以运行vcdiff用户的权限写入任意文件。 GNU Emacs 20.7 - 22.1.50 GNU --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lib-src/vcdiff?view=log...

DEBIAN-CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2008-1694

CVE-2008-1694 concerns the vcdiff component in Emacs versions 20.7 through 22.1.50 when used with SCCS. The underlying issue is insecure handling of temporary files in the vcdiff script, enabling a local attacker to overwrite arbitrary files via a symlink race condition. Public advisories confirm...

CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files...