
2114 matches found

Check Point Advisories
added 2020/07/03 12:0 a.m. | 6 views

uWSGI PHP Plugin Directory Traversal (CVE-2018-7490)

A directory traversal vulnerability exists in Debian Linux 8.0. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

CVSS: 5 | AI score: 5.2 | EPSS: 0.7081
Exploits: 5
Tenable Nessus
added 2020/06/22 12:0 a.m. | 28 views

Debian DSA-4706-1 : drupal7 - security update

It was discovered that Drupal, a fully-featured content management framework, was susceptible to cross site request forgery. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2020-004 (C) Tenable Network Security, Inc. The descriptive text and packa...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00695
Exploits: 0 | References: 5
Tenable Nessus
added 2020/04/06 12:0 a.m. | 223 views

Debian DSA-4653-1 : firefox-esr - security update

Two security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4653. The text itself is copyrigh...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.06305
Exploits: 1 | References: 6
Prion
added 2020/03/31 6:15 p.m. | 22 views

Default configuration

In Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...

CVSS: 8.5 | AI score: 7.6 | EPSS: 0.00907
Exploits: 0 | References: 2 | Affected Software: 3
Tenable Nessus
added 2020/03/26 12:0 a.m. | 43 views

Debian DSA-4646-1 : icu - security update

Andre Bargull discovered an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS: 8.8 | AI score: 8 | EPSS: 0.02669
Exploits: 0 | References: 6
Hacker One
added 2020/03/16 2:9 p.m. | 89 views

Node.js third-party modules: [sapper] Path Traversal

I would like to report a critical path traversal vulnerability in the sapper module. It allows an attacker to simply obtain arbitrary files from the remote server, exploiting a simple path traversal using URL-encoded "../". Module module name: sapper version: 0.27.10 npm page:...

AI score: 0.1
Exploits: 0
Tenable Nessus
added 2020/02/05 12:0 a.m. | 50 views

Debian DSA-4617-1 : qtbase-opensource-src - security update

Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVSS: 7.3 | AI score: 7 | EPSS: 0.00568
Exploits: 1 | References: 6
Tenable Nessus
added 2020/02/03 12:0 a.m. | 27 views

Debian DSA-4612-1 : prosody-modules - security update

It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securi...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.01564
Exploits: 0 | References: 3
Tenable Nessus
added 2020/01/30 12:0 a.m. | 40 views

Debian DSA-4610-1 : webkit2gtk - security update

The following vulnerabilities have been discovered in the webkit2gtk web engine : - CVE-2019-8835 An anonymous researcher discovered that maliciously crafted web content may lead to arbitrary code execution. - CVE-2019-8844 William Bowling discovered that maliciously crafted web content may lead ...

CVSS: 9.3 | AI score: 7.2 | EPSS: 0.02256
Exploits: 0 | References: 9
Tenable Nessus
added 2019/12/23 12:0 a.m. | 54 views

Debian DSA-4591-1 : cyrus-sasl2 - security update

Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.08036
Exploits: 1 | References: 6
Tenable Nessus
added 2019/12/20 12:0 a.m. | 37 views

Debian DSA-4590-1 : cyrus-imapd - security update

It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the 'fileinto' was used, bypassing ACL checks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.01655
Exploits: 0 | References: 5
Tenable Nessus
added 2019/10/02 12:0 a.m. | 52 views

Debian DSA-4539-1 : openssl - security update

Three security issues were discovered in OpenSSL: A timing attack against ECDSA, a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey and it was discovered that a feature of the random number generator (RNG) intended to protect against shared RNG state between parent and child processes in th...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.06232
Exploits: 0 | References: 7
Tenable Nessus
added 2019/09/09 12:0 a.m. | 41 views

Debian DSA-4517-1 : exim4 - security update

'Zerons' and Qualys discovered that a buffer overflow triggerable in the TLS negotiation code of the Exim mail transport agent could result in the execution of arbitrary code with root privileges. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

CVSS: 10 | AI score: 9.4 | EPSS: 0.35736
Exploits: 3 | References: 5
Tenable Nessus
added 2019/09/03 12:0 a.m. | 57 views

Debian DSA-4511-1 : nghttp2 - security update (Data Dribble) (Resource Loop)

Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2 HTTP server, which could result in denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4511. The text itself is copyright (C)...

CVSS: 7.8 | AI score: 8 | EPSS: 0.82017
Exploits: 0 | References: 5
Tenable Nessus
added 2019/08/20 12:0 a.m. | 56 views

Debian DSA-4501-1 : libreoffice - security update

It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not complete. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4501. The text itself is copyright (C) Software in the Public...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.78007
Exploits: 11 | References: 9
Qualys Blog
added 2019/07/24 5:26 a.m. | 94 views

Qualys Policy Compliance Notification: Policy Library Updates (June)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

AI score: 0.3
Exploits: 0
Tenable Nessus
added 2019/07/24 12:0 a.m. | 49 views

Debian DSA-4486-1 : openjdk-11 - security update

Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised. (C) Tenable Network Security, Inc. The descriptive text a...

CVSS: 5.8 | AI score: 6.4 | EPSS: 0.04472
Exploits: 0 | References: 10
BDU FSTEC
added 2019/07/16 12:0 a.m. | 3 views

The vulnerability of the _asn1_expand_object_id function (p_tree) in the Libtasn1 library of the Debian GNU/Linux operating system, related to resource management errors, allows a perpetrator to cause a service failure.

The vulnerability of the _asn1_expand_object_id function in the Libtasn1 library for the Debian GNU/Linux operating system is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS: 7.1 | AI score: 7.5 | EPSS: 0.02008
Exploits: 1 | References: 9 | Affected Software: 7
Tenable Nessus
added 2019/07/01 12:0 a.m. | 59 views

Debian DSA-4472-1 : expat - security update

It was discovered that Expat, an XML parsing C library, did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.07107
Exploits: 1 | References: 5
Tenable Nessus
added 2019/06/24 12:0 a.m. | 30 views

Debian DSA-4468-1 : php-horde-form - security update

A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution. (C) Tenable Netwo...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.19165
Exploits: 3 | References: 5