Bastian Blank

#8576of 53,638
32Total CVSS
Vulnerabilities · 5
Low
1
Medium
2
High
1
Critical
1
PT-2017-18541
9.1
2017-10-17
Debian · Ftpsync · CVE-2017-8805
**Name of the Vulnerable Software and Affected Versions** Debian ftpsync versions prior to 20171017 **Description** The issue allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror, due to the lack of the rsync --safe-links option. **Recommendations** For Debian ftpsync versions prior to 20171017, update to a version that includes the fix, which is version 20171017 or later.
PT-2015-5471
6.8
2015-06-19
Openstack · Openstack Cinder · CVE-2015-1851
**Name of the Vulnerable Software and Affected Versions** OpenStack Cinder versions prior to 2014.1.5 OpenStack Cinder versions 2014.2.x prior to 2014.2.4 OpenStack Cinder versions 2015.1.x prior to 2015.1.1 **Description** The issue allows remote authenticated users to read arbitrary files by crafting a qcow2 signature in an image to the upload-to-image command. **Recommendations** For versions prior to 2014.1.5, update to version 2014.1.5 or later. For versions 2014.2.x prior to 2014.2.4, update to version 2014.2.4 or later. For versions 2015.1.x prior to 2015.1.1, update to version 2015.1.1 or later.
PT-2014-3647
5.0
2014-07-03
Perl · Email::Address · CVE-2014-0477
**Name of the Vulnerable Software and Affected Versions** Email::Address module versions prior to 1.905 **Description** The issue concerns the parse function in the Email::Address module, which uses an inefficient regular expression. This inefficiency can be exploited by remote attackers to cause a denial of service through excessive CPU consumption. The attack can be initiated by sending an empty quoted string in an RFC 2822 address. **Recommendations** For versions prior to 1.905, update to version 1.905 or later to resolve the issue.
PT-2013-3379
3.6
2013-03-20
Libvirt · Libvirt · CVE-2013-1766
**Name of the Vulnerable Software and Affected Versions** libvirt versions 1.0.2 and earlier **Description** The issue allows local users to write to device files via unspecified vectors, as the group owner is set to kvm for these files. **Recommendations** For libvirt versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.
PT-2005-1050
7.5
2005-02-25
Debian · Bsmtpd · CVE-2005-0107
**Name of the Vulnerable Software and Affected Versions** bsmtpd versions 2.3 and earlier **Description** The issue affects the bsmtpd package in Debian GNU/Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. Specifically, bsmtpd does not properly sanitize e-mail addresses, allowing remote attackers to execute arbitrary commands. **Recommendations** For versions 2.3 and earlier, update to a version later than 2.3 to resolve the issue. As a temporary workaround, consider restricting access to the bsmtpd service to minimize the risk of exploitation.