2114 matches found
Debian DSA-4234-1 : lava-server - security update
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call. C Tenable Network...
Debian DSA-4231-1 : libgcrypt20 - security update
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4231. The text itself is copyright C Software ...
Debian DSA-4227-1 : plexus-archiver - security update
Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive. C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-4220-1 : firefox-esr - security update
Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4220. The text...
Debian DSA-4214-1 : zookeeper - security update
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see...
Exploit for Path Traversal in Debian Debian_Linux
PoC exploit for CVE-2018-11235 ============================== G...
Debian DSA-4211-1 : xdg-utils - security update
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a '%s' and the victim opens a link crafted by an attacker with xdg-open, the malicious party could...
Debian DSA-4204-1 : imagemagick - security update
This update fixes several vulnerabilities in imagemagick, a graphical software suite. Various memory handling problems or issues about incomplete input sanitizing would result in denial of service or memory disclosure. C Tenable Network Security, Inc. The descriptive text and package checks in th...
Debian DSA-4192-1 : libmad - security update
Several vulnerabilities were discovered in MAD, an MPEG audio decoder library, which could result in denial of service if a malformed audio file is processed. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian DSA-4193-1 : wordpress - security update
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects. More information can be found in the upstream advisory at...
Debian DSA-4190-1 : jackson-databind - security update
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing because of an incomplete fix for CVE-2017-7525. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-4184-1 : sdl-image1.2 - security update
Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened. C Tenable Network Security, Inc. The descriptive text and package checks in...
ProcessMaker Plugin Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ProcessMaker Plugin Upload', 'Description' = %q This module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code a...
Debian DSA-4155-1 : thunderbird - security update
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4155. T...
Debian DSA-4149-1 : plexus-utils2 - security update
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DSA-4121-1 : gcc-6 - security update
This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4121. The text itself i...
Debian Security Advisory DSA 4119-1 (libav - security update)
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.12 OpenVAS Vulnerability Test $Id: deb4119.nasl 8893 2018-02-21 06:36:27...
Debian DSA-4109-1 : ruby-omniauth - security update
Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request...
Debian DSA-4099-1 : ffmpeg - security update
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Debian DSA-4100-1 : tiff - security update
Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Adviso...