136 matches found
Fedora 29 : libssh2 (2019-f31c14682f)
This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
[ASA-201903-12] libssh2: multiple issues
Arch Linux Security Advisory ASA-201903-12 ========================================== Severity: Critical Date : 2019-03-22 CVE-ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Package : libssh2 Type : multiple issue...
CVE-2019-3855
CVE-2019-3855 is a libssh2 integer overflow in the transport read path that may cause an out-of-bounds write when processing server packets. The issue appears in libssh2 prior to 1.8.1 and could enable code exposure or other impact if a user connects to a malicious SSH server. Connected advisorie...
Libssh Releases Update to Patch 9 New Security Vulnerabilities
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Re...
Slackware 14.2 / current : libssh2 (SSA:2019-077-01)
New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-077-01. The text itself is copyright C Slackware Linux, Inc...
[slackware-security] libssh2
New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libssh2-1.8.1-i586-1slack14.2.txz: Upgraded. Fixed several security issues. For more information, see:...
Ubuntu 16.04 LTS / 18.04 LTS : systemd vulnerabilities (USN-3855-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3855-1 advisory. It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could...
Ubuntu: Security Advisory (USN-3855-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-3855
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution...
CVE-2018-3855
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution...
CVE-2018-3855
CVE-2018-3855 affects Hyland Perceptive Document Filters 11.4.0.2647. The DOC-to-HTML conversion path contains updateNumbering code that can be triggered by a crafted OpenDocument, causing a stack-based overflow/incorrect writes and remote code execution. Public writeups (Talos report TALOS-2018-...
espnfc.com XSS vulnerability
Vulnerable URL: http://www.espnfc.com/player/127269/jordan-henderson?season=2014%27%22--!%3E%20%3C/script/%3E%3CSvg/Onload=confirmOPENBUGBOUNTY//%27 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...
CVE-2016-3855
drivers/thermal/supplylmcore.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via a crafted application, aka Qualcomm...
CVE-2016-3855
CVE-2016-3855 affects Qualcomm components in Android; the issue is in drivers/thermal/supply_lm_core.c where a count parameter is not validated, enabling out-of-bounds memory access and potentially a denial of service or other impact via a crafted application. The documents reference Qualcomm int...
images.etnet.com.hk Open Redirect vulnerability
Vulnerable URL: http://images.etnet.com.hk/ox/www/delivery/ck.php?oaparams=2bannerid=6773zoneid=0oadest=https://xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Ran...
CVE-2014-3855
CVE-2014-3855 affects Pyplate 0.08, where download.py is vulnerable to directory traversal via a '..' in the filename parameter, allowing remote reading of arbitrary files. The vulnerability is documented with a default CVSS v2 base score of 5.0 (Medium) and a network attack vector with low acces...
Oracle Database SQL Compiler Views Unauthorized Manipulation
No description provided by source. source: http://www.securityfocus.com/bid/24887/info Oracle has released a Critical Patch Update advisory for July 2007 to address multiple vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The...
Oracle 9i/10g Evil Views - Change Passwords Exploit
No description provided by source. -- -- bunkerview.sql -- -- Oracle 9i/10g - evil view exploit CVE-2007-3855 -- Uses evil view to perform unauthorized password update -- -- by Andrea bunker Purificato - http://rawlab.mindcreations.com -- 37F1 A7A1 BB94 89DB A920 3105 9F74 7349 AF4C BFA2 -- -- Th...
openSUSE Security Update : freetype2 (openSUSE-SU-2011:0361-1)
Specially crafted font files could crash applications that use freetype2 to render the fonts CVE-2010-3814, CVE-2010-3855. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update freetype2-4080. The...
CVE-2013-3855
CVE-2013-3855 affects Microsoft Word 2003 SP3/2007 SP3, Office Compatibility Pack SP3, and Word Viewer. Root cause is memory corruption via a crafted Office document, enabling remote code execution or a memory‑corruption DoS. The OpenVAS/NVD entries cite MS13-072 as the remediation path (security...