Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2016/04/13 12:0 a.m.22 views

Debian DSA-3546-1 : optipng - security update

Hans Jerry Illikainen discovered that missing input sanitising in the BMP processing code of the optipng PNG optimiser may result in denial of service or the execution of arbitrary code if a malformed file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

9.3CVSS7.6AI score0.05383EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2015/12/16 12:0 a.m.37 views

Debian DSA-3420-1 : bind9 - security update

It was discovered that the BIND DNS server does not properly handle the parsing of incoming responses, allowing some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently...

5CVSS6.9AI score0.5469EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/11/30 12:0 a.m.32 views

Debian DSA-3405-1 : smokeping - security update

Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd modcgi passed additional arguments to the smokepingcgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests. %NASLMINLEV...

7.5CVSS6.2AI score0.02326EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/04/13 12:0 a.m.22 views

Debian DSA-3220-1 : libtasn1-3 - security update

Hanno Boeck discovered a stack-based buffer overflow in the asn1derdecoding function in Libtasn1, a library to manage ASN.1 structures. A remote attacker could take advantage of this flaw to cause an application using the Libtasn1 library to crash, or potentially to execute arbitrary code...

10CVSS7.7AI score0.07801EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.26 views

Debian DSA-3098-1 : graphviz - security update

Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...

7.5CVSS7.3AI score0.05569EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/05/06 12:0 a.m.276 views

Debian DSA-2923-1 : openjdk-7 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

10CVSS8.1AI score0.10117EPSS
Exploits1References28
Tenable Nessus
Tenable Nessus
added 2014/03/28 12:0 a.m.36 views

Debian DSA-2887-1 : ruby-actionmailer-3.2 - security update

Aaron Neyer discovered that missing input sanitising in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

4.3CVSS8.2AI score0.03135EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/03/14 12:0 a.m.31 views

Debian DSA-2875-1 : cups-filters - security update

Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

6.8CVSS7.5AI score0.03219EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2013/11/05 12:0 a.m.20 views

Debian DSA-2791-1 : tryton-client - missing input sanitization

Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client...

7.8CVSS5.3AI score0.02137EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/09/02 12:0 a.m.29 views

Debian DSA-2747-1 : cacti - several vulnerabilities

Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems : - CVE-2013-5588 install/index.php and cacti/host.php suffered from Cross-Site Scripting vulnerabilities. - CVE-2013-5589 cacti/host.php contained a SQL injection vulnerability, allowing an attacker ...

7.5CVSS8.3AI score0.01988EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2013/07/30 12:0 a.m.36 views

Debian DSA-2729-1 : openafs - several vulnerabilities

OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the...

4.3CVSS5.3AI score0.01855EPSS
Exploits0References6
Rows per page
Query Builder