CVE-2021-32644
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. Th...
CVE-2021-32644 Cross-site Scripting in Random.php
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. Th...
Akamai Provides Prolexic DDoS Service Impact Update (Status: Resolved)
Akamai experienced an outage for one of its Prolexic DDoS services Routed 3.0 starting at 4:20 AM UTC. We detected the issue immediately, and impacted customers received an error alert within seconds. The impact was limited to Akamai customers using version 3.0 of the Routed service. Many of the...
Akamai Provides Prolexic DDoS Service Impact Update (Status: Resolved)
Akamai experienced an outage for one of its Prolexic DDoS services Routed 3.0 starting at 4:20 AM UTC. We detected the issue immediately, and impacted customers received an error alert within seconds. The impact was limited to Akamai customers using version 3.0 of the Routed service...
Tor Information Disclosure Vulnerability
Tor is a network of virtual tunnels. It allows individuals and groups to increase their privacy and security on the Internet. An information disclosure vulnerability exists in Tor. An attacker could forge RELAY_END or RELAY_RESOLVED to end a stream bypassing expected access controls...
Cross site scripting
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10...
CVE-2021-31922
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF) which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c) aka CID-350a5c4dd245.
...
Security Bulletin: Cross-site scripting vulnerability affects IBM Edge (CVE-2020-4792)
Summary: IBM Edge is affected by a cross-site scripting vulnerability. IBM Edge has resolved the vulnerability. Vulnerability Details: CVEID: CVE-2020-4792 DESCRIPTION: IBM Edge is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...
CVE-2021-29648
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in...
AZL-6551 CVE-2021-29648 affecting package kernel for versions less than 5.10.78.1-1
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in...
Security update for connman (moderate)
openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0452-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...
openSUSE Security Update : connman (openSUSE-2021-416)
This update for connman fixes the following issues : Update to 1.39 boo1181751 : - Fix issue with scanning state synchronization and iwd. - Fix issue with invalid key with 4-way handshake offloading. - Fix issue with DNS proxy length checks to prevent buffer overflow. CVE-2021-26675 - Fix issue...
Security update for connman (moderate)
openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0416-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...
September 8, 2020—KB4577038 (Monthly Rollup)
September 8, 2020—KB4577038 Monthly Rollup IMPORTANT Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases known as "C" or "D" releases for this operating system. Operating systems in extended...
GHSA-F92J-QF46-P6VM Reflected Cross-site Scripting in ACS Commons
Impact: ACS Commons version 4.9.2 and earlier suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript...
Reflected Cross-site Scripting in ACS Commons
Impact: ACS Commons version 4.9.2 and earlier suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript...
Security Bulletin: IBM MQ Appliance is affected by multiple nss and nspr vulnerabilities
Summary: IBM MQ Appliance has resolved multiple nss and nspr vulnerabilities. Vulnerability Details: CVEID: CVE-2019-11719 DESCRIPTION: Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when importing a curve25519 private key in...
Hotfix XS82E014 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described in CTX286756 - Citrix Hypervisor Multiple Security Updates should install this hotfix. Information About this Hotfix Component| Details ---|---...