Gwyn's Imagemap Selector Security Vulnerabilities

CVE-2021-29046

Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the...

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2021-29046

Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the...

Security update for the Linux Kernel (important)

An update that solves two vulnerabilities and has 55 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-29650: The netfilter subsystem allowed attackers to cause a ...

Security update for opera (important)

An update that fixes 7 vulnerabilities is now available. Description: This update for opera fixes the following issues: Update to version 76.0.4017.94 - released on the stable branch Update to version 76.0.4017.88 - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85 - DNA-92219...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14781 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI...

Security Bulletin: IBM Kenexa LMS On Premise -CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14781 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14782 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...

Security Bulletin: IBM Kenexa LMS On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14782 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...

Security update for exim (critical)

An update that fixes 26 vulnerabilities is now available. Description: This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update (boo#1185631) * CVE-2020-28007: Link attack in Exim's log directory * CVE-2020-28008: Assorted attacks in Exim's spool...

Security update for nim (moderate)

An update that fixes three vulnerabilities is now available. Description: This update for nim fixes the following issues: num was updated to version 1.2.12: Fixed GC crash resulting from inlining of the memory allocation procs Fixed ���incorrect raises effect for $(NimNode)��� (#17454) From...

Security update for nim (moderate)

An update that fixes three vulnerabilities is now available. Description: This update for nim fixes the following issues: num was updated to version 1.2.12: Fixed GC crash resulting from inlining of the memory allocation procs Fixed ���incorrect raises effect for $(NimNode)��� (#17454) From...

SUSE: Security Advisory (SUSE-SU-2017:2856-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2017:2864-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2017:2751-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2017:2873-1)

The remote host is missing an update for...

FreeBSD : Apache Maven -- multiple vulnerabilities (20006b5f-a0bc-11eb-8ae6-fc4dd43e2b6a)

The Apache Maven project reports : We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues : Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories...

SUSE: Security Advisory (SUSE-SU-2021:1165-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2017:0575-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2017:0471-1)

The remote host is missing an update for...

Rapid7 Announces General Availability for Scoped Executive Summary Report in InsightVM

Security teams often struggle to demonstrate the efficacy and progress of their organization’s vulnerability and remediation management program. This is a result of the complexity around identifying, collecting, and visualizing complicated metrics. InsightVM’s Executive Summary Report has proved...

MoveKit - Cobalt Strike Kit For Lateral Movement

Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a.....

SUSE SLES12 Security Update : glibc (SUSE-SU-2021:1165-1)

This update for glibc fixes the following issues : CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386) CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694) CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721) Check vector support in.....

openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be...

Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)

The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...

Security update for the Linux Kernel (important)

An update that solves 21 vulnerabilities and has 74 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-3444: Fixed an issue with the bpf verifier which did not ...

Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)

The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...

Apache Maven -- multiple vulnerabilities

The Apache Maven project reports: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues: Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More...

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - 180875

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** Third Party Entry: 180875 DESCRIPTION: **jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal...

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-7656

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-7656 DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper...

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-11023, CVE-2020-11022

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-11023 DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0872)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0872 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0874)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0874 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0873)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0873 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

(RHSA-2021:0874) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....

(RHSA-2021:0873) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....

(RHSA-2021:0872) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....

Symfony vulnerability

Releases Ubuntu 18.04 ESM Packages symfony - set of reusable components and framework for web projects Details It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain...

Schneider Electric EcoStruxure Building Operation (EBO)

EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the...

Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization...

CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

Design/Logic Flaw

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

Unbounded connection acceptance in http4s-blaze-server

Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...

Unbounded connection acceptance in http4s-blaze-server

Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...

CVE-2021-21294 Unbounded connection acceptance in http4s-blaze-server

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

(RHSA-2021:0248) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....

(RHSA-2021:0247) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....