Vulnerability Name:

CVE-2005-2475 (CCN-21711)

Assigned:2005-08-02
Published:2005-08-02
Updated:2017-10-11
Summary:Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
CVSS v3 Severity:2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
0.9 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
0.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: SCO
Type: UNKNOWN
SCOSA-2005.39

Source: MITRE
Type: CNA
CVE-2005-2475

Source: MITRE
Type: CNA
CVE-2008-0888

Source: BUGTRAQ
Type: UNKNOWN
20050801 unzip TOCTOU file-permissions vulnerability

Source: CCN
Type: BugTraq Mailing List, 2005-08-02 22:22:54
Zip 2,31 bad default file-permissions vulnerability

Source: CCN
Type: RHSA-2007-0203
Low: unzip security and bug fix update

Source: CCN
Type: RHSA-2008-0196
Moderate: unzip security update

Source: CCN
Type: SA16309
UnZip File Permissions Change Vulnerability

Source: SECUNIA
Type: UNKNOWN
16309

Source: SECUNIA
Type: UNKNOWN
16985

Source: SECUNIA
Type: UNKNOWN
17006

Source: SECUNIA
Type: UNKNOWN
17045

Source: SECUNIA
Type: UNKNOWN
17342

Source: SECUNIA
Type: UNKNOWN
17653

Source: SECUNIA
Type: UNKNOWN
25098

Source: CCN
Type: SA29415
UnZip "inflate_dynamic()" Uninitialized Pointers Vulnerability

Source: CCN
Type: SA30535
VMware ESX Server Multiple Security Updates

Source: CCN
Type: SA40539
Sun Solaris Unzip Two Vulnerabilities

Source: CCN
Type: SA40542
Sun Solaris 10 Unzip Two Vulnerabilities

Source: SREASON
Type: UNKNOWN
32

Source: CCN
Type: SECTRACK ID: 1019634
UnZip NEEDBITS Macro Memory Free May Let Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2007-209
unzip security and bug fix update (RHSA-2007-0203)

Source: DEBIAN
Type: UNKNOWN
DSA-903

Source: DEBIAN
Type: DSA-1522
unzip -- programming error

Source: DEBIAN
Type: DSA-903
unzip -- race condition

Source: CONFIRM
Type: UNKNOWN
http://www.info-zip.org/FAQ.html

Source: CCN
Type: Zip Web site
Info-ZIP's Zip

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:197

Source: OSVDB
Type: UNKNOWN
18530

Source: CCN
Type: OSVDB ID: 18530
UnZip Race Condition Arbitrary File Permission Modification

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0203

Source: BID
Type: UNKNOWN
14450

Source: CCN
Type: BID-14450
Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness

Source: CCN
Type: BID-28288
Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2005-0053

Source: CCN
Type: USN-191-1
unzip vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-191-1

Source: XF
Type: UNKNOWN
zip-file-permissions(21711)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9975

Vulnerable Configuration:Configuration 1:
  • cpe:/a:info-zip:unzip:5.52:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-2475 (CCN-22449)

    Assigned:2005-08-02
    Published:2005-08-02
    Updated:2005-08-03
    Summary:Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
    CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Consequences:File Manipulation
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Wed Sep 28 2005 - 13:17:01 CDT
    OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability

    Source: MITRE
    Type: CNA
    CVE-2005-2475

    Source: CCN
    Type: RHSA-2007-0203
    Low: unzip security and bug fix update

    Source: CCN
    Type: SA16309
    UnZip File Permissions Change Vulnerability

    Source: CCN
    Type: ASA-2007-209
    unzip security and bug fix update (RHSA-2007-0203)

    Source: DEBIAN
    Type: DSA-903
    unzip -- race condition

    Source: CCN
    Type: UnZip Web site
    Info-ZIP's UnZip

    Source: CCN
    Type: Fedora Update Notification FEDORA-2005-844
    unzip

    Source: CCN
    Type: OSVDB ID: 18530
    UnZip Race Condition Arbitrary File Permission Modification

    Source: CCN
    Type: BID-14450
    Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness

    Source: CCN
    Type: USN-191-1
    unzip vulnerability

    Source: XF
    Type: UNKNOWN
    unzip-toctou-race-condition(22449)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:info-zip:unzip:5.52:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora_core:3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-2475 (CCN-41246)

    Assigned:2005-08-02
    Published:2005-08-02
    Updated:2008-03-17
    Summary:Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
    0.9 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2005-2475

    Source: MITRE
    Type: CNA
    CVE-2008-0888

    Source: CCN
    Type: RHSA-2007-0203
    Low: unzip security and bug fix update

    Source: CCN
    Type: RHSA-2008-0196
    Moderate: unzip security update

    Source: CCN
    Type: SA16309
    UnZip File Permissions Change Vulnerability

    Source: CCN
    Type: SA29415
    UnZip "inflate_dynamic()" Uninitialized Pointers Vulnerability

    Source: CCN
    Type: SA30535
    VMware ESX Server Multiple Security Updates

    Source: CCN
    Type: SA40542
    Sun Solaris 10 Unzip Two Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1019634
    UnZip NEEDBITS Macro Memory Free May Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Apple Web site
    About the security content of Security Update 2010-002 / Mac OS X v10.6.3

    Source: CCN
    Type: ASA-2008-149
    unzip security update (RHSA-2008-0196)

    Source: DEBIAN
    Type: DSA-1522
    unzip -- programming error

    Source: CCN
    Type: GLSA-200804-06
    UnZip: User-assisted execution of arbitrary code

    Source: CCN
    Type: Info-ZIP Web site
    Info-ZIP's UnZip

    Source: CCN
    Type: OSVDB ID: 18530
    UnZip Race Condition Arbitrary File Permission Modification

    Source: CCN
    Type: BID-14450
    Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness

    Source: CCN
    Type: BID-28288
    Info-ZIP UnZip 'inflate_dynamic()' Remote Code Execution Vulnerability

    Source: CCN
    Type: USN-589-1
    unzip vulnerability

    Source: CCN
    Type: VMSA-2008-0009
    Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

    Source: XF
    Type: UNKNOWN
    unzip-inflatedynamic-code-execution(41246)

    Source: CCN
    Type: RPL-2317
    unzip CVE-2008-0888

    Source: SUSE
    Type: SUSE-SR:2008:007
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:info-zip:unzip:5.52:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20052475
    V
    CVE-2005-2475
    2022-06-30
    oval:org.opensuse.security:def:113554
    P
    unzip-6.00-39.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:42244
    P
    Security update for python-Babel (Important)
    2021-12-06
    oval:org.opensuse.security:def:32235
    P
    Security update for openssh (Important)
    2021-12-06
    oval:org.opensuse.security:def:26177
    P
    Security update for webkit2gtk3 (Important)
    2021-12-01
    oval:org.opensuse.security:def:31316
    P
    Security update for webkit2gtk3 (Important)
    2021-12-01
    oval:org.opensuse.security:def:32232
    P
    Security update for webkit2gtk3 (Important)
    2021-12-01
    oval:org.opensuse.security:def:31305
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-11-19
    oval:org.opensuse.security:def:31304
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-11-19
    oval:org.opensuse.security:def:26163
    P
    Security update for bind (Important)
    2021-11-11
    oval:org.opensuse.security:def:26149
    P
    Security update for iproute2 (Moderate)
    2021-10-18
    oval:org.opensuse.security:def:106945
    P
    unzip-6.00-39.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:33014
    P
    Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:32183
    P
    Security update for gtk-vnc (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:26119
    P
    Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:31671
    P
    Security update for openssl (Important)
    2021-08-24
    oval:org.opensuse.security:def:26105
    P
    Security update for MozillaFirefox (Important)
    2021-08-17
    oval:org.opensuse.security:def:32975
    P
    Security update for fastjar (Low)
    2021-08-06
    oval:org.opensuse.security:def:32148
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-07-21
    oval:org.opensuse.security:def:32127
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:32124
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:31200
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:26068
    P
    Security update for libX11 (Important)
    2021-06-08
    oval:org.opensuse.security:def:36315
    P
    unzip-6.00-11.13.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42722
    P
    unzip-6.00-11.13.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26066
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:32091
    P
    Security update for python3 (Important)
    2021-05-17
    oval:org.opensuse.security:def:31614
    P
    Security update for java-1_7_0-openjdk (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:32080
    P
    Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-04-28
    oval:org.opensuse.security:def:26026
    P
    Security update for cifs-utils (Moderate)
    2021-04-13
    oval:org.opensuse.security:def:31603
    P
    Security update for fwupdate (Important)
    2021-04-08
    oval:org.opensuse.security:def:32271
    P
    Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:26206
    P
    Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:31735
    P
    Security update for perl-XML-Twig (Moderate)
    2021-03-01
    oval:org.opensuse.security:def:31724
    P
    Security update for python (Important)
    2021-02-11
    oval:org.opensuse.security:def:31332
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:32019
    P
    Security update for clamav (Important)
    2020-12-22
    oval:org.opensuse.security:def:31568
    P
    Security update for MozillaFirefox (Critical)
    2020-12-21
    oval:org.opensuse.security:def:25973
    P
    Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:35837
    P
    unzip-6.00-11.7.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:36051
    P
    unzip-6.00-11.7.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:42458
    P
    unzip-6.00-11.7.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35646
    P
    unzip-5.52-142.23.43 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:42053
    P
    unzip-5.52-142.23.43 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25209
    P
    Security update for mutt (Important)
    2020-12-01
    oval:org.opensuse.security:def:25539
    P
    Security update for dbus-1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26801
    P
    pcsc-ccid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25388
    P
    Security update for libsolv (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25672
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:26017
    P
    Security update for gnome-shell (Low)
    2020-12-01
    oval:org.opensuse.security:def:26376
    P
    Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25600
    P
    Security update for java-1_8_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25804
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26596
    P
    libpng12-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25940
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26290
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31868
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32611
    P
    unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31126
    P
    Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31481
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32762
    P
    pam_krb5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31970
    P
    Security update for ipsec-tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32337
    P
    Security update for sblim-sfcb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31517
    P
    Security update for quagga (Important)
    2020-12-01
    oval:org.opensuse.security:def:32557
    P
    libneon27 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31867
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25929
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25273
    P
    Security update for ceph (Important)
    2020-12-01
    oval:org.opensuse.security:def:25623
    P
    Security update for cifs-utils (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26836
    P
    unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25399
    P
    Security update for libproxy (Important)
    2020-12-01
    oval:org.opensuse.security:def:25729
    P
    Security update for spamassassin (Important)
    2020-12-01
    oval:org.opensuse.security:def:26279
    P
    Security update for gimp (Low)
    2020-12-01
    oval:org.opensuse.security:def:27014
    P
    perl-libwww-perl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25601
    P
    Security update for libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25885
    P
    Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:26230
    P
    Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26640
    P
    sudo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25864
    P
    Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26441
    P
    Security update for phpMyAdmin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31890
    P
    Security update for exempi (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32058
    P
    Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32801
    P
    unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31518
    P
    Security update for quagga (Important)
    2020-12-01
    oval:org.opensuse.security:def:31827
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:32601
    P
    rsync on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31781
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31999
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:32391
    P
    Security update for tomcat6 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25197
    P
    Security update for gnuplot (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25401
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25774
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25463
    P
    Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:25813
    P
    Security update for libssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26318
    P
    Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27049
    P
    unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25612
    P
    Security update for shim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25942
    P
    Security update for gstreamer-0_10-plugins-bad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26543
    P
    expat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27278
    P
    python-lxml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25865
    P
    Security update for pcre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26494
    P
    Security update for pdns-recursor (Important)
    2020-12-01
    oval:org.opensuse.security:def:31934
    P
    Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:31114
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31390
    P
    Security update for pam
    2020-12-01
    oval:org.opensuse.security:def:31758
    P
    Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:31529
    P
    Security update for rzsz (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31884
    P
    Security update for dosfstools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32496
    P
    coolkey on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33239
    P
    puppet on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31782
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32447
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:26611
    P
    mailman on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25198
    P
    Security update for perl (Important)
    2020-12-01
    oval:org.opensuse.security:def:25482
    P
    Security update for man (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25827
    P
    Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:25387
    P
    Security update for shim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25591
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25964
    P
    Security update for libraw (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26332
    P
    Security update for karchive (Important)
    2020-12-01
    oval:org.opensuse.security:def:25676
    P
    Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26582
    P
    libapr-util1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27313
    P
    unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25876
    P
    Security update for libssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31829
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:32572
    P
    libvorbis on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31115
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31424
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31780
    P
    Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:31522
    P
    Security update for rsync (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31914
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32293
    P
    Security update for postgresql94 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31971
    P
    Security update for jakarta-commons-collections (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32535
    P
    kdebase3-runtime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33278
    P
    unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31793
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25915
    P
    Security update for libosip2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26646
    P
    unzip on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:9975
    V
    Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
    2013-04-29
    oval:org.debian:def:903
    V
    race condition
    2013-01-21
    oval:com.redhat.rhsa:def:20070203
    P
    RHSA-2007:0203: unzip security and bug fix update (Low)
    2008-03-20
    oval:com.redhat.rhba:def:20070418
    P
    RHBA-2007:0418: unzip bug fix update (None)
    2007-06-07