11 matches found
CVE-2022-39285
ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross-site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...
DSA-3281-1 Debian Security Team PGP/GPG key change notice
This is a notice that the Debian Security Team has changed its PGP/GPG contact key because of a periodic regular key rollover. The new key's fingerprint is: 0D59 D2B1 5144 766A 14D2 41C6 6BAF 400B 05C3 E651 The creation date is 2015-01-18 and it has been signed by the previous Security Team conta...
cpio -- multiple vulnerabilities
From the Debian Security Team: Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitra...
libevent -- integer overflow in evbuffers
Debian Security Team reports: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this fla...
RHEL 5 : jabberd (RHSA-2011:0881)
An updated jabberd package that fixes one security issue is now available for Red Hat Network Proxy 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
RHEL 5 : jabberd (RHSA-2011:0882)
An updated jabberd package that fixes one security issue is now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
CentOS Update for libsmbclient CESA-2011:1219 centos5 x86_64
The remote host is missing an update for the...
sql-ledger -- multiple vulnerabilities
The Debian Security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...
gtetrinet -- remote code execution
The Debian Security Team reports: Michael Gehring discovered several potential out-of-bounds index accesses in gtetrinet, a multiplayer Tetris-like game, which may allow a remote server to execute arbitrary code...
fsp buffer overflow and directory traversal vulnerabilities
The Debian security team reported a pair of vulnerabilities in fsp: A vulnerability was discovered in fsp, client utilities for File Service Protocol (FSP), whereby a remote user could both escape from the FSP root directory (CAN-2003-1022), and also overflow a fixed-length buffer to execute arbitrar...
[SECURITY] [DSA 153-1] New mantis package fixes cross site code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 153-1 [email protected] http://www.debian.org/security/ Martin Schulze August 14th, 2002 http://www.debian.org/security/faq -...