34 matches found
uWSGI PHP Plugin Directory Traversal (CVE-2018-7490)
A directory traversal vulnerability exists in Debian debian linux 8.0. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Debian DSA-4184-1 : sdl-image1.2 - security update
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened. C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-4093-1 : openocd - security update
Josef Gajdusek discovered that OpenOCD, a JTAG debugger for ARM and MIPS, was vulnerable to Cross Protocol Scripting attacks. An attacker could craft a HTML page that, when visited by a victim running OpenOCD, could execute arbitrary commands on the victims host. This fix also sets the OpenOCD...
Debian DSA-4084-1 : gifsicle - security update
It was discovered that gifsicle, a tool for manipulating GIF image files, contained a flaw that could lead to arbitrary code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4084. The text itself is...
Debian DSA-4068-1 : rsync - security update
Several vulnerabilities were discovered in rsync, a fast, versatile, remote and local file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-3970-1 : emacs24 - security update
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data e.g. when using Emacs-based mail clients. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Debian DSA-3938-1 : libgd2 - security update
Matviy Kotoniy reported that the gdImageCreateFromGifCtx function used to load images from GIF format files in libgd2, a library for programmatic graphics creation and manipulation, does not zero stack allocated color map buffers before their use, which may result in information disclosure if a...
Debian DSA-3905-1 : xorg-server - security update
Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3905. The tex...
Debian DSA-3870-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3812-1 : ioquake3 - security update
It was discovered that ioquake3, a modified version of the ioQuake3 game engine performs insufficent restrictions on automatically downloaded content pk3 files or game code, which allows malicious game servers to modify configuration settings including driver settings. %NASLMINLEVEL 70300 C Tenab...
Debian DSA-3801-1 : ruby-zip - security update
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. dot dot in an extracted filename. %NASLMINLEVEL 70300 C...
Debian DSA-3784-1 : viewvc - security update
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-3757-1 : icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple vulnerabilities may lead to the execution of arbitrary code, data leakage or bypass of the content security policy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-3742-1 : flightgear - security update
It was discovered that the Flight Gear flight simulator performs insufficient sanitising of Nasal scripts which allows a malicious script to overwrite arbitrary files with the privileges of the user running Flight Gear. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-3718-1 : drupal7 - security update
Multiple vulnerabilities has been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-005 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DSA-3662-1 : inspircd - security update
It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3662. The text...
Debian DSA-3661-1 : charybdis - security update
It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3661. The text...
Debian DSA-3643-1 : kde4libs - security update
Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with '../' in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricke...
Debian DSA-3615-1 : wireshark - security update
Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP, SPOOLS, IEEE 802.11, UMTS FP, USB, Toshiba, CoSine, NetScreen, WBXML which could result in denial of service or potentially the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network...
Debian DSA-3582-1 : expat - security update
Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat libra...