61 matches found
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs th...
Microsoft Patch Tuesday, July 2025 Edition
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they...
CVE-2025-52488
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...
Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes
This update fixes the following issues: release-notes-susemanager: Update to SUSE Manager 4.3.15.2 SUSE Manager 4.3 will transition to LTS after June 2025 CVE Fixed CVE-2023-45288, CVE-2024-11741, CVE-2024-45337, CVE-2024-45339 CVE-2024-51744, CVE-2024-9264, CVE-2024-9476, CVE-2025-22870...
Security update for rabbitmq-server
This update for rabbitmq-server fixes the following issues: CVE-2025-30219: Fixed XSS in an error message in Management UI bsc1240071 Other fixes: - Disable parallel make, this causes build failures Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
CVE-2023-42450
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...
code-server's session cookie can be extracted by having user visit specially crafted proxy URL
Summary A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...
CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15
CVE-2025-26596 affecting package xorg-x11-server for versions less than 1.20.10-15. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2024-21171
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and...
CVE-2024-21885 affecting package xorg-x11-server for versions less than 1.20.10-10
CVE-2024-21885 affecting package xorg-x11-server for versions less than 1.20.10-10. A patched version of the package is available...
Security Bulletin: Multiple vulnerabilities in Akka affect IBM Application Performance Management products.
Summary Akka actor jar is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2017-1000034 DESCRIPTION: Akka could allow a remote attacker to execute arbitrary code on the system, caused by a Java...
Security Bulletin: Multiple vulnerabilities in Lightbend Spray spray-json affect IBM Application Performance Management products.
Summary Lightbend Spray spray-json is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2018-18854 DESCRIPTION: Lightbend Spray spray-json is vulnerable to a denial of service, caused by an error during the parsing of many JSON object fields. By sending a...
Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products
Summary Apache Batik is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker...
Security Bulletin: Multiple vulnerabilities in commons-codec-1.10.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in commons-codec-1.10.jar used by IBM Application Performance Management. IBM Applicatoon Performance Management has addressed the applicable CVEs. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attack...
CVE-2021-41143 OpenMage LTS arbitrary file deletion in customer media allows for remote code execution
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
Security Bulletin: Multiple vulnerabilities in IBM Websphere Application Server affect the IBM Performance Management product
Summary Multiple vulnerabilities in IBM Websphere Application Server - Liberty could allow a remote attacker to exploit them to cause a denial of service condition against services that use Compress' zip package. IBM Performance Management has addressed the applicable CVEs. Vulnerability Details...
CVE-2021-32691
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within t...
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' CVE-2020-1472...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2019-4304)
Summary A vulnerability in IBM Websphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM Performance Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM...
Security Bulletin: A vulnerability in IBM Websphere Application Server affects the IBM Performance Management product (CVE-2018-1901)
Summary IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. Vulnerability Details CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to...