Oracle Linux 8 : ruby:2.5 (ELSA-2023-12064)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12064 advisory. - There is a buffer over-read in Ruby before 2.6.10, 2.7.x b ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Debian DLA-3276-1 : lava – LTS security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3276 advisory. - In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...

CVSS3 - MEDIUM

ruby:2.5 security update

ruby [2.5.9-110.0.1] - Fix for CVE-2022-28739 [Orabug: 34824177]

CVSS3 - HIGH

CVSS2 - MEDIUM

Debian DSA-5318-1 : lava – security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5318 advisory. - In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...

SUSE SLES12 Security Update : php74 (SUSE-SU-2023:0072-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0072-1 advisory. - The GetCode_ function in gd_gif_in.c in GD ...

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2023:0073-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0073-1 advisory. Note that Nessus has not tested for this issue ...

XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the `$method` argument of Client::send, it was possible to force the client to _access local files_ or _connect to undesired urls_ instead of the intended target server's url (the one used in ...
