723 matches found
ScanQLi - Scanner To Detect SQL Injection Vulnerabilities
ScanQLi is a simple SQL injection scanner with somes additionals features. This tool can't exploit the SQLi, it just detect them. Tested onDebian 9 Features Classic Blind Time based GBK soon Recursive scan follow all hrefs of the scanned web site Cookies integration Adjustable wait delay between...
GLSA-201904-14 : GnuTLS: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201904-14 GnuTLS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Impact : Please review the CVE identifiers referenced below for...
GLSA-201904-15 : libTIFF: Denial of service
The remote host is affected by the vulnerability described in GLSA-201904-15 libTIFF: Denial of service Please review the CVE identifier referenced below for details. Impact : Please review the CVE identifier referenced below for details. Workaround : There is no known workaround at this time. C...
libTIFF: Denial of service
Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description Please review the CVE identifier referenced below for details. Impact Please review the...
[SECURITY] Fedora 30 Update: python3-3.7.2-8.fc30
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
GLSA-201903-22 : ZeroMQ: Code execution
The remote host is affected by the vulnerability described in GLSA-201903-22 ZeroMQ: Code execution Please reference the CVE for details. Impact : Please reference the CVE for details. Workaround : There is no known workaround at this time. C Tenable Network Security, Inc. The descriptive text an...
CVE-2019-3832
It was discovered the fix for CVE-2018-19758 libsndfile was not complete and still allows a read beyond the limits of a buffer in wavwriteheader function in wav.c. A local attacker may use this flaw to make the application crash...
GNU C Library: Arbitrary descriptor allocation
Background The GNU C library is the standard C library used by Gentoo Linux systems. Description A vulnerability was discovered in the GNU C Library functions xdrbytes and xdrstring. Impact A remote attacker, by sending a crafted UDP packet, could cause a Denial of Service condition. Workaround...
GLSA-201903-12 : WebkitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201903-12 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact : An attacker could execute arbitrary code or conduct...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libs
Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in X.Org libs. Vulnerability Details Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in X.Org libs. Vulnerability Details CVEID: CVE-2016-7953 Description: X.Org...
RHEL 7 : systemd (RHSA-2019:0204)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0204 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...
[SECURITY] Fedora 29 Update: python3-3.7.2-4.fc29
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
CVE-2018-1000814
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
CVE-2018-1000814
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...
CVE-2018-1000814
CVE-2018-1000814 affects aiohttp-session versions 2.6.0 and earlier. The vulnerability lies in EncryptedCookieStorage and NaClCookieStorage, allowing non-expiring (infinite) sessions. Exploitation described as recreation of a cookie post-expiry with the same value; no explicit fixes are provided ...
GLSA-201812-04 : WebkitGTK+: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201812-04 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary commands or...
WebkitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...
Scientific Linux Security Update : krb5 on SL7.x x86_64 (20181030)
Security Fixes : - krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data CVE-2018-5729 - krb5: DN container check bypass by supplying special crafted data CVE-2018-5730 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...