openSUSE: Security Advisory for go1.17 (SUSE-SU-2022:1167-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for go1.16 (SUSE-SU-2022:1164-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PT-2022-3417 · Apple +8 · Ipados +13
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 15.5; Apple iPadOS versions prior to 15.5; Apple macOS versions prior to 12.4; Apple Safari versions prior to 15.5; Apple tvOS versions prior to 15.5; Apple watchOS versions prior to 8.6. Description: A memory corruption...
Drupal cross site scripting vulnerability
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...
GHSA-WM86-W3CF-H6VM Drupal external link injection vulnerability
Drupal core 7.x versions before 7.57 have an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...
Drupal external link injection vulnerability
Drupal core 7.x versions before 7.57 have an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...
GHSA-8J9G-C9RP-JVG4 Salt vulnerable to Improper Certificate Validation
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules...
ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), be.objectify:deadbolt-core_2.10 (>=2.2.0 <=2.4.3) +1203 more potentially affected by CVE-2014-3558 via org.hibernate:hibernate-validator (>=5.0.0.Alpha1 <=5.1.1.Final)
org.hibernate:hibernate-validator MAVEN version =5.0.0.Alpha1, =1.0.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.0.0, =4.0.0.Final, =4.3.0-beta-3 - br.com.caelum:vraptor-musicjungle =4.0.0-beta-1 - br.com.ingenieux.dropwizard:dropwizard-envvar =0.0.1 -...
RogueAssemblyHunter - Rogue Assembly Hunter Is A Utility For Discovering 'Interesting' .NET CLR Modules In Running Processes
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. Author: @bohops License: MIT Project: https://github.com/bohops/RogueAssemblyHunter Background .NET is a very powerful and capable development platform and runtime framework for building and...
GHSA-HX44-C87V-P6XG Opencast has Incorrect Permission Assignment
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...
Opencast has Incorrect Permission Assignment
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role...
trytond-account (>=4.2.0 <=4.2.11), trytond-account-asset (>=4.2.0 <=4.2.3) +99 more potentially affected by CVE-2017-0360 via trytond (=4.2.22)
trytond PYPI version =4.2.22 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - trytond-account =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.0, =4.2.1 and more Source cves: CVE-2017-0360 Source advisory: OSV:GHSA-7CWG-2575-3...
com.redhat.rhevm.api:rhevm-api (>=0.1-milestone <=1.0-rc1.21), com.redhat.rhevm.api:rhevm-api-cli-actions (>=0.9-milestone1 <=0.9-milestone-4.4) +21 more potentially affected by CVE-2018-1051 via org.jboss.resteasy:resteasy-yaml-provider (>=2.0-RC1 <=3.0.24.Final)
org.jboss.resteasy:resteasy-yaml-provider MAVEN version =2.0-RC1, =0.1-milestone, =0.9-milestone1, =0.1-milestone, =0.1-milestone, =0.9-milestone1, =0.1-milestone, =0.1-milestone, =0.9-milestone1, =0.9-milestone3, =0.9-milestone1, =0.9-milestone1, =0.9-milestone3, =0.9-milestone1, =0.1-milestone,...
ch.inftec.ju:ju-dbutil (>=4.1 <=4.5.1-rc-8), ch.inftec.ju:ju-dbutil-test (=4.1) +658 more potentially affected by CVE-2015-7501 via net.sourceforge.collections:collections-generic (=4.01)
net.sourceforge.collections:collections-generic MAVEN version =4.01 is affected by a known vulnerability. The following packages have a transitive dependency on net.sourceforge.collections:collections-generic and may be impacted: - ch.inftec.ju:ju-dbutil =4.1, =4.4-5, =4.4-4, =4.1, =4.1, =4.1,...
net.osgiliath.framework:net.osgiliath.features.karaf-features-full (>=0.0.1 <=0.0.3), net.osgiliath.framework:net.osgiliath.features.karaf-features-jpa (>=0.0.1 <=0.0.3) +48 more potentially affected by CVE-2015-7501 via org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections (>=3.2.1_1 <=3.2.1_3)
org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections MAVEN version =3.2.11, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.2.0, =1.0.2, =1.0.8 - org.frie...
cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.soap:cloud-altemistafwk-core-soap-wss (>=3.0.0.RELEASE <=3.1.0.RELEASE) +927 more potentially affected by CVE-2017-12624 via org.apache.cxf:cxf-core (>=3.1.0 <=3.1.13)
org.apache.cxf:cxf-core MAVEN version =3.1.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =5.0.0, =1.0.0, =2.3.3, =1.0, =0.2, =0.2, =0.4 - com.github.arucard21.simplyrestful:simplyrestful-spring-boot =0.1 and more Source cves: CVE-2017-12624...
ai.hyacinth.framework:core-service-bus-support (>=0.5.0 <=0.5.21), at.chrl:chrl-jms (=1.1.0) +3935 more potentially affected by CVE-2022-22971 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=5.2.21.RELEASE)
org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.5.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 and more Source cves: CVE-2022-22971 Source advisory: OSV:GHSA-RQPH-VQWM-22VC...
Rocky Linux-system-roles bug fix and enhancement update
An update is available for rhel-system-roles. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Rocky Linux-system-roles package includes a collection of Ansib...
5.32 metadata for the Rocky Linux 8 module matrix (2/4)
An update is available for perl-DBD-Pg, perl-DBI, perl-IO-HTML, perl-LWP-MediaTypes, perl-Data-Dump, perl-FCGI, perl-HTTP-Message, perl-Net-HTTP, perl-File-pushd, perl-Try-Tiny, perl-Digest-HMAC, perl-HTML-Parser, perl-NTLM, perl-Mozilla-CA, perl-IO-Socket-SSL, perl-libwww-perl, perl-Encode-Local...
5.32 metadata for the Rocky Linux 8 module matrix (3/4)
An update is available for perl-DBD-Pg, perl-Parse-PMFile, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-CPAN-DistnameInfo, perl-CPAN-Meta-Check, perl-FCGI, perl-DBD-MySQL, perl-App-cpanminus, perl-File-pushd, perl-String-ShellQuote, perl-Module-CPANfile. This update affects Rocky Linux 8. A Common...