NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2019-0202)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...

NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Vulnerability (NS-SA-2019-0194)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by a vulnerability: - In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0203)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to...

Cross-site Scripting (XSS)

jspwiki-main is vulnerable to cross-site scripting XSS. The vulnerability exists as the value of title and rootname are not sanitized in org/apache/wiki/plugin/ReferredPagesPlugin.java...

NewStart CGSL MAIN 4.06 : qemu-kvm Vulnerability (NS-SA-2019-0176)

The remote NewStart CGSL host, running version MAIN 4.06, has qemu-kvm packages installed that are affected by a vulnerability: - tcpemu in slirp/tcpsubr.c aka slirp/src/tcpsubr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. CVE-2019-9824 Note that...

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the...

NewStart CGSL MAIN 4.06 : bind Vulnerability (NS-SA-2019-0174)

The remote NewStart CGSL host, running version MAIN 4.06, has bind packages installed that are affected by a vulnerability: Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number. %NASLMINLEVEL 70300 C Tenable Network Security...

NewStart CGSL MAIN 4.06 : dbus Vulnerability (NS-SA-2019-0173)

The remote NewStart CGSL host, running version MAIN 4.06, has dbus packages installed that are affected by a vulnerability: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses of...

NewStart CGSL MAIN 4.06 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0178)

The remote NewStart CGSL host, running version MAIN 4.06, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to...

NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Vulnerability (NS-SA-2019-0172)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by a vulnerability: - In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated...

NewStart CGSL MAIN 4.06 : libvirt Vulnerability (NS-SA-2019-0173)

The remote NewStart CGSL host, running version MAIN 4.06, has libvirt packages installed that are affected by a vulnerability: - It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary pat...

NewStart CGSL MAIN 4.06 : vim Vulnerability (NS-SA-2019-0177)

The remote NewStart CGSL host, running version MAIN 4.06, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by...

NewStart CGSL CORE 5.05 / MAIN 5.05 : 389-ds-base Vulnerability (NS-SA-2019-0170)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has 389-ds-base packages installed that are affected by a vulnerability: - In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout'...

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0175)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted...

NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)

The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remot...

NewStart CGSL MAIN 4.06 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0175)

The remote NewStart CGSL host, running version MAIN 4.06, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to...

NewStart CGSL MAIN 4.06 : python Vulnerability (NS-SA-2019-0174)

The remote NewStart CGSL host, running version MAIN 4.06, has python packages installed that are affected by a vulnerability: - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is...

D-link DIR-806 Stack Buffer Overflow Vulnerability

The Dlink DIR-806 is a wireless AC1200 dual-band router. A stack buffer overflow vulnerability exists in hnapmain in /htdocs/cgibin of the D-link DIR-806. The vulnerability can be exploited to run shellcode via a long HTTP header starting with "SOAPAction:...

CVE-2019-10892

An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnapmain at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it finally leads to a...

PT-2019-6464 · D Link · D-Link Dir-806

Name of the Vulnerable Software and Affected Versions: D-Link DIR-806 devices affected versions not specified Description: An issue was discovered in D-Link DIR-806 devices, where there is a command injection in the hnap main function. This function calls system without checking the parameter tha...