70 matches found
RLSA-2022:1975 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: fget: check that the fd still exists after getting a ref to it CVE-2021-4083 kernel: avoid cyclic entity chains due to malformed U...
SUSE: Security Advisory (SUSE-SU-2021:14811-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...
PT-2021-15277 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.4.1 Node.js versions prior to 14.17.2 Node.js versions prior to 12.22.2 Description: The issue allows for local privilege escalation attacks under certain conditions on Windows platforms due to improper...
PT-2019-5870 · Imagemagick +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.9-0 Description: A flaw was found in ImageMagick in MagickCore/statistic.c, related to an integer overflow of the value. An attacker who submits a crafted file that is processed by ImageMagick could trigger...
PT-2019-13346 · Otrs +2 · Otrs +2
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.0.x through 7.0.8 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.36 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.19 Description: An issue...
PT-2020-5868 · Go +1 · Crypto/X509 +5
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.12.16 Go versions 1.13.x prior to 1.13.7 crypto/cryptobyte package versions prior to 0.0.0-20200124225646-8b5121be2f68 Description: The issue is related to errors in the certificate authentication procedure in the...
Intel® RAID Web Server 3 Service Advisory
Summary: A potential security vulnerability in the Intel® Raid Web Server 3 may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12161 Description: Insufficient session validation in the webserver...
CentOS Update for microcode_ctl CESA-2018:0093 centos7
Check the version of microcodectl SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882828";...
Medium: krb5
Issue Overview: It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server,...