Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by unadf_project
CVE-2016-1244 (GCVE-0-2016-1244)
Vulnerability from nvd – Published: 2016-10-03 00:00 – Updated: 2024-08-05 22:48
VLAI
EPSS
VEX
Summary
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/93332 | vdb-entry |
| https://security.gentoo.org/glsa/201804-20 | vendor-advisory |
| http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-… | |
| http://www.debian.org/security/2016/dsa-3676 | vendor-advisory |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | |
| https://lists.debian.org/debian-lts-announce/2024… | mailing-list |
Date Public
2016-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93332",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93332"
},
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"tags": [
"x_transferred"
],
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T19:06:06.708Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "93332",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/93332"
},
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1244",
"datePublished": "2016-10-03T00:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1243 (GCVE-0-2016-1243)
Vulnerability from nvd – Published: 2016-10-03 00:00 – Updated: 2024-08-05 22:48
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201804-20 | vendor-advisory |
| http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-… | |
| http://www.securityfocus.com/bid/93329 | vdb-entry |
| http://www.debian.org/security/2016/dsa-3676 | vendor-advisory |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | |
| https://lists.debian.org/debian-lts-announce/2024… | mailing-list |
Date Public
2016-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"tags": [
"x_transferred"
],
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "93329",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93329"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T19:06:04.948Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "93329",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/93329"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1243",
"datePublished": "2016-10-03T00:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1243 (GCVE-0-2016-1243)
Vulnerability from cvelistv5 – Published: 2016-10-03 00:00 – Updated: 2024-08-05 22:48
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201804-20 | vendor-advisory |
| http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-… | |
| http://www.securityfocus.com/bid/93329 | vdb-entry |
| http://www.debian.org/security/2016/dsa-3676 | vendor-advisory |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | |
| https://lists.debian.org/debian-lts-announce/2024… | mailing-list |
Date Public
2016-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"tags": [
"x_transferred"
],
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "93329",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93329"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T19:06:04.948Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "93329",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/93329"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1243",
"datePublished": "2016-10-03T00:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1244 (GCVE-0-2016-1244)
Vulnerability from cvelistv5 – Published: 2016-10-03 00:00 – Updated: 2024-08-05 22:48
VLAI
EPSS
VEX
Summary
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/93332 | vdb-entry |
| https://security.gentoo.org/glsa/201804-20 | vendor-advisory |
| http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-… | |
| http://www.debian.org/security/2016/dsa-3676 | vendor-advisory |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | |
| https://lists.debian.org/debian-lts-announce/2024… | mailing-list |
Date Public
2016-09-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93332",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93332"
},
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"tags": [
"x_transferred"
],
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T19:06:06.708Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "93332",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/93332"
},
{
"name": "GLSA-201804-20",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201804-20"
},
{
"url": "http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch"
},
{
"name": "DSA-3676",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3676"
},
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838248"
},
{
"name": "[debian-lts-announce] 20240315 [SECURITY] [DLA 3762-1] unadf security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1244",
"datePublished": "2016-10-03T00:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}