
2114 matches found

OpenVAS
added 2016/11/24 12:0 a.m., 39 views

Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)

Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html This update removes the insecu...

CVSS 7.5, AI score 0.1, EPSS 0.09192
Exploits 3, References 1

OpenVAS
added 2016/11/21 12:0 a.m., 46 views

Debian Security Advisory DSA 3720-1 (tomcat8 - security update)

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 5, AI score 0.1, EPSS 0.10303
Exploits 5, References 1

Tenable Nessus
added 2016/11/18 12:0 a.m., 40 views

Debian DSA-3718-1 : drupal7 - security update

Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/SA-CORE-2016-005 (C) Tenable Network Security, Inc. The descriptive text and package checks in this...

CVSS 6.8, AI score 5.8, EPSS 0.01957
Exploits 0, References 5

OpenVAS
added 2016/11/16 12:0 a.m., 37 views

Debian Security Advisory DSA 3716-1 (firefox-esr - security update)

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update...

EPSS 0.12416
Exploits 4, References 1

OpenVAS
added 2016/11/15 12:0 a.m., 13 views

Debian Security Advisory DSA 3713-1 (gst-plugins-bad0.10 - security update)

Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code. Further details can be found in his advisory at http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html . OpenVAS Vulnerability Test...

AI score 7.5
Exploits 0, References 1

Tenable Nessus
added 2016/11/14 12:0 a.m., 34 views

Debian DSA-3712-1 : terminology - security update

Nicolas Braud-Santoni discovered that incorrect sanitising of character escape sequences in the Terminology terminal emulator may result in the execution of arbitrary commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

CVSS 7.8, AI score 7.7, EPSS 0.01114
Exploits 0, References 3

Tenable Nessus
added 2016/11/09 12:0 a.m., 11 views

Debian DSA-3708-1 : mat - security update

Hartmut Goebel discovered that MAT, a toolkit to anonymise/remove metadata from files, did not remove metadata from images embedded in PDF documents. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

AI score 5.4
Exploits 0, References 3

OpenVAS
added 2016/11/08 12:0 a.m., 45 views

Debian Security Advisory DSA 3703-1 (bind9 - security update)

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

CVSS 5, AI score 0.2, EPSS 0.38733
Exploits 0, References 1

OpenVAS
added 2016/11/07 12:0 a.m., 44 views

Debian Security Advisory DSA 3706-1 (mysql-5.5 - security update)

Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.53, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see th...

CVSS 3.5, AI score 5.7, EPSS 0.01493
Exploits 0, References 1

OpenVAS
added 2016/10/25 12:0 a.m., 30 views

Debian Security Advisory DSA 3700-1 (asterisk - security update)

Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation. OpenVAS Vulnerability Test $Id: deb3700.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3700-1...

CVSS 7.1, AI score 0.5, EPSS 0.46156
Exploits 1, References 1

OpenVAS
added 2016/10/13 12:0 a.m., 19 views

Debian Security Advisory DSA 3692-1 (freeimage - security update)

Multiple vulnerabilities were discovered in the FreeImage multimedia library, which might result in denial of service or the execution of arbitrary code if a malformed XMP or RAW image is processed. OpenVAS Vulnerability Test $Id: deb3692.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated...

CVSS 6.8, AI score 0.4, EPSS 0.05434
Exploits 1, References 1

OpenVAS
added 2016/09/26 12:0 a.m., 23 views

Debian Security Advisory DSA 3678-1 (python-django - security update)

Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django. OpenVAS Vulnerability Test $Id:...

CVSS 5, EPSS 0.0613
Exploits 1, References 1

BDU FSTEC
added 2016/09/19 12:0 a.m., 5 views

The vulnerability of the Debian GNU/Linux operating system and the DBD::mysql driver allows attackers to exert undefined effects.

The vulnerability of the mylogin function in the Debian GNU/Linux operating system and the DBD::mysql driver is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to have unpredictable effects by using the mysqlerrno function after the mylogin...

CVSS 10, AI score 7.8, EPSS 0.04485
Exploits 0, References 9, Affected Software 2

OpenVAS
added 2016/09/15 12:0 a.m., 33 views

Debian Security Advisory DSA 3669-1 (tomcat7 - security update)

Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. OpenVAS Vulnerability Test $Id: deb3669.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3669-1 using nvtgen 1.0 Script...

CVSS 7.2, AI score 0.3, EPSS 0.09783
Exploits 8, References 1

OpenVAS
added 2016/09/15 12:0 a.m., 28 views

Debian Security Advisory DSA 3668-1 (mailman - security update)

It was discovered that there was a CSRF vulnerability in mailman, a web-based mailing list manager, which could allow an attacker to obtain a user OpenVAS Vulnerability Test $Id: deb3668.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3668-1 using nvtgen 1.0 Script...

CVSS 6.8, AI score 0.5, EPSS 0.01613
Exploits 0, References 1

Tenable Nessus
added 2016/09/09 12:0 a.m., 19 views

Debian DSA-3662-1 : inspircd - security update

It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3662. The text...

CVSS 5.9, AI score 6.2, EPSS 0.0108
Exploits 0, References 3

Tenable Nessus
added 2016/09/08 12:0 a.m., 20 views

Debian DSA-3661-1 : charybdis - security update

It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3661. The text...

CVSS 8.1, AI score 7.3, EPSS 0.0106
Exploits 0, References 3

OpenVAS
added 2016/09/06 12:0 a.m., 28 views

Debian Security Advisory DSA 3661-1 (charybdis - security update)

It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users. OpenVAS Vulnerability Test $Id: deb3661.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3661-1 using nvtgen 1.0 Script version: 1.0 Author:...

CVSS 6.8, AI score 0.2, EPSS 0.0106
Exploits 0, References 1

OpenVAS
added 2016/08/26 12:0 a.m., 27 views

Debian Security Advisory DSA 3654-1 (quagga - security update)

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036 Tamas Nemeth discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handling man...

CVSS 5, AI score 0.2, EPSS 0.04642
Exploits 0, References 1

Tenable Nessus
added 2016/08/26 12:0 a.m., 25 views

Debian DSA-3654-1 : quagga - security update

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. - CVE-2016-4036 Tamas Nemeth discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. - CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handli...

CVSS 7.5, AI score 6.8, EPSS 0.04642
Exploits 0, References 8