5 results (0.019 seconds)

CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. Lintian versiones anteriores a 2.5.12, permite a atacantes remotos recabar información sobre el sistema "host" utilizando enlaces simbólicos diseñados. • https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636 https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html https://security-tracker.debian.org/tracker/CVE-2013-1429 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1113881.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. Una vulnerabilidad de deserialización en lintian hasta 2.5.50.3 permite a un atacante realizar una ejecución de código solicitando un paquete de fuentes con un archivo YAML manipulado. • https://bugs.debian.org/861958 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems. Múltiples vulnerabilidades de salto de directorio en Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos sobreescribir archivos a su elección u obtener información sensible a través de vectores que implican (1)nombres de los campos de control, (2)valores de los campos de control, y (3)archivos de control de los sistemas de revisión. • http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html http://secunia.com/advisories/38375 http://secunia.com/advisories/38379 http://www.debian.org/security/2010/dsa-1979 http://www.securityfocus.com/bid/379 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 2%CPEs: 61EXPL: 0

Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module. Múltiples vulnerabilidades de formato de cadena en Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos tener un impacto no especificado a través de vectores que implican (1) comprobar las secuencias de comandos(script) (2) el módulo Lintian::Schedule • http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html http://secunia.com/advisories/38375 http://secunia.com/advisories/38379 http://www.debian.org/security/2010/dsa-1979 http://www.securityfocus.com/bid/379 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments. Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres del interprete de comandos (shell) en los argumentos de nombre de archivo. • http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html http://secunia.com/advisories/38375 http://secunia.com/advisories/38379 http://www.debian.org/security/2010/dsa-1979 http://www.securityfocus.com/bid/379 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •