Search CVE reports
11 – 18 of 18 results
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to...
1 affected package
dpkg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dpkg | — | — | — | — |
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
1 affected package
dpkg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dpkg | — | — | — | — |
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
1 affected package
dpkg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dpkg | — | — | — | — |
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a...
4 affected packages
bzip2, clamav, dpkg, dump
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bzip2 | — | — | — | — |
| clamav | — | — | — | — |
| dpkg | — | — | — | — |
| dump | — | — | — | — |
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
1 affected package
dpkg
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dpkg | — | — | — | — |
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug -...
1 affected package
dpkg-cross
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dpkg-cross | — | — | — | — |
Some fixes available 19 of 21
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as...
9 affected packages
aide, bacula, dpkg, dump, ia32-libs...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| aide | — | — | — | — |
| bacula | — | — | — | — |
| dpkg | — | — | — | — |
| dump | — | — | — | — |
| ia32-libs | — | — | — | — |
| rpm | — | — | — | — |
| sash | — | — | — | — |
| zlib | — | — | — | — |
| zsync | — | — | — | — |
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
6 affected packages
rpm, sash, aide, dpkg, ia32-libs, zlib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rpm | — | — | — | — |
| sash | — | — | — | — |
| aide | — | — | — | — |
| dpkg | — | — | — | — |
| ia32-libs | — | — | — | — |
| zlib | — | — | — | — |