Dbd::pg Security Vulnerabilities

openvas

Mageia: Security Advisory (MGASA-2013-0279)

The remote host is missing an update for...

7.3 AI Score

0.004 EPSS

2022-01-28 12:00 AM
2
openvas

Mageia: Security Advisory (MGASA-2018-0376)

The remote host is missing an update for...

9.8 CVSS

6.5 AI Score

0.006 EPSS

2022-01-28 12:00 AM
4
nessus

RHEL 7 : Satellite 6.10.2 Async Bug Fix Update (Moderate) (RHSA-2022:0190)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0190 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

6.2 CVSS

6 AI Score

0.0004 EPSS

2022-01-20 12:00 AM
27
redhat

(RHSA-2022:0190) Moderate: Satellite 6.10.2 Async Bug Fix Update

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...

-0.3 AI Score

0.0004 EPSS

2022-01-19 02:32 PM
79
mmpc

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure

In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.1 This caused a massive disruption of the fuel...

1.7 AI Score

2021-12-07 05:00 PM
11
mssecure

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure

In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.1 This caused a massive disruption of the fuel...

1.7 AI Score

2021-12-07 05:00 PM
10
redhat

(RHSA-2021:4702) Moderate: Satellite 6.10 Release

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es): * python-ecdsa: Unexpected and undocumented exceptions during signature...

7.6 AI Score

0.02 EPSS

2021-11-16 01:58 PM
54
rocky

new module: ruby:3.0

An update is available for rubygem-mysql2, rubygem-pg, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the...

1.7 AI Score

2021-11-09 08:54 AM
2
almalinux

new module: ruby:3.0

This enhancement update adds the ruby:3.0 module to AlmaLinux (BZ#1938942) For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...

2.2 AI Score

2021-11-09 08:54 AM
7
huntr

in flatcore/flatcore-cms

Title: race condition vs Temporary File Upload Description flatCore-CMS is vulnerable to Race condition while dealing uploading gallery Codes at https://github.com/flatCore/flatCore-CMS/blob/main/acp/core/files.upload_gallery.php#L31 ```php if(array_key_exists('file',$_FILES) &&...

6.6 CVSS

0.2 AI Score

0.001 EPSS

2021-10-13 06:28 PM
13
nessus

Debian DLA-2768-1 : uwsgi - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2768 advisory. A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30...

7.5 CVSS

0.3 AI Score

0.002 EPSS

2021-10-02 12:00 AM
19
cve

CVE-2021-33626

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code...

7.8 CVSS

8 AI Score

0.001 EPSS

2021-10-01 03:15 AM
54
openvas

Debian: Security Advisory (DLA-2768-1)

The remote host is missing an update for the...

7.5 CVSS

8.8 AI Score

0.002 EPSS

2021-10-01 12:00 AM
8
packetstorm

1.1 AI Score

2021-10-01 12:00 AM
219
debian

[SECURITY] [DLA 2768-1] uwsgi security update

Debian LTS Advisory DLA-2768-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 29, 2021 https://wiki.debian.org/LTS Package : uwsgi Version : 2.0.14+20161117-3+deb9u4 CVE...

7.5 CVSS

8.8 AI Score

0.002 EPSS

2021-09-29 07:53 PM
18
ics

Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A)

EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU Families Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

9.8 CVSS

10 AI Score

0.005 EPSS

2021-09-14 12:00 PM
87
ubuntu

uWSGI vulnerability

Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages uwsgi - fast, self-healing application container server Details USN-5054-1 fixed a vulnerability in uWSGI for Ubuntu 18.04 LTS. This update provides the corresponding fixes for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details:...

9.8 CVSS

9.9 AI Score

0.011 EPSS

2021-09-03 12:00 AM
20
ubuntu

uWSGI vulnerability

Releases Ubuntu 18.04 ESM Packages uwsgi - fast, self-healing application container server Details Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code...

9.8 CVSS

9.8 AI Score

0.011 EPSS

2021-08-30 12:00 AM
334
nessus

Ubuntu 18.04 LTS : uWSGI vulnerability (USN-5054-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5054-1 advisory. Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984) Note that Nessus has not tested for this issue but has...

9.8 CVSS

8.9 AI Score

0.011 EPSS

2021-08-30 12:00 AM
40
nessus

CentOS 8 : ruby:2.7 (CESA-2021:3020)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3020 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) rubygem-rdoc: Command...

8.8 CVSS

7.7 AI Score

0.01 EPSS

2021-08-09 12:00 AM
43
nessus

RHEL 8 : ruby:2.7 (RHSA-2021:3020)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3020 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8 CVSS

8.1 AI Score

0.01 EPSS

2021-08-09 12:00 AM
24
oraclelinux

ruby:2.7 security update

ruby [2.7.4-137] - Upgrade to Ruby 2.7.4. - Fix command injection vulnerability in RDoc. Resolves: rhbz#1986768 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. Resolves: rhbz#1986812 - Fix StartTLS stripping vulnerability in Net::IMAP. Resolves: rhbz#1986813...

8.8 CVSS

0.9 AI Score

0.01 EPSS

2021-08-06 12:00 AM
120
almalinux

Important: ruby:2.7 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ...

8.8 CVSS

7.9 AI Score

0.01 EPSS

2021-08-05 02:06 PM
25
redhat

(RHSA-2021:3020) Important: ruby:2.7 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ...

0.5 AI Score

0.01 EPSS

2021-08-05 02:06 PM
93
rocky

ruby:2.7 security update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is.....

8.8 CVSS

7.8 AI Score

0.01 EPSS

2021-08-05 02:06 PM
16
rocky

pcs security and bug fix update

An update for pcs is now available for Rocky Linux 8. Rocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5 CVSS

1.7 AI Score

0.006 EPSS

2021-07-22 06:18 PM
10
nessus

openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:2163-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2163-1 advisory. Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within...

5.9 CVSS

-0.5 AI Score

0.001 EPSS

2021-07-16 12:00 AM
16
openvas

openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2021:2163-1)

The remote host is missing an update for...

5.9 CVSS

7.2 AI Score

0.001 EPSS

2021-07-13 12:00 AM
3
suse

Security update for the Linux Kernel (important)

An update that solves 52 vulnerabilities and has 250 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...

9.8 CVSS

0.3 AI Score

0.006 EPSS

2021-07-11 12:00 AM
69
suse

Security update for the Linux Kernel (important)

An update that solves 52 vulnerabilities and has 187 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...

9.8 CVSS

0.3 AI Score

0.006 EPSS

2021-07-11 12:00 AM
33
oraclelinux

ruby:2.6 security, bug fix, and enhancement update

ruby [2.6.7-107] - Upgrade to Ruby 2.6.7. Resolves: rhbz#1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing leading zero Resolves: rhbz#1954968 - Fix: Rubygem-bundler: Don't use insecure tmp directory as home allows for execution of malicious...

8.1 CVSS

2.7 AI Score

0.012 EPSS

2021-07-07 12:00 AM
64
nessus

Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation...

8.1 CVSS

8.3 AI Score

0.019 EPSS

2021-07-07 12:00 AM
30
oraclelinux

ruby:2.7 security, bug fix, and enhancement update

ruby [2.7.3-136] - Upgrade to Ruby 2.7.3. Resolves: rhbz#1951999 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz#1952000 [2.7.2-135] - Upgrade to Ruby 2.7.2. - Avoid possible timeout errors in...

7.5 CVSS

2.3 AI Score

0.003 EPSS

2021-07-07 12:00 AM
42
nessus

Oracle Linux 8 : ruby:2.7 (ELSA-2021-2584)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2584 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had...

7.5 CVSS

8.2 AI Score

0.003 EPSS

2021-07-07 12:00 AM
14
oraclelinux

ruby:2.5 security, bug fix, and enhancement update

ruby [2.5.9-107] - Update to Ruby 2.5.9. * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz#1952626 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves:...

8.1 CVSS

2.3 AI Score

0.012 EPSS

2021-07-02 12:00 AM
101
nessus

openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:0940-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:0940-1 advisory. Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within...

5.9 CVSS

-0.5 AI Score

0.001 EPSS

2021-07-01 12:00 AM
12
openvas

openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2021:0940-1)

The remote host is missing an update for...

5.9 CVSS

7.2 AI Score

0.001 EPSS

2021-06-30 12:00 AM
4
almalinux

Moderate: ruby:2.6 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627) Security Fix(es): rubygem-bundler: Insecure...

8.1 CVSS

8.4 AI Score

0.012 EPSS

2021-06-29 01:58 PM
25
Total number of security vulnerabilities: 3518