48 matches found
Important product update: Fixes for Meltdown and Spectre exploits in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 21 (6.0.12-3698)
Hotfix 21 for Virtuozzo 6.0 Update 12 provides fixes for Meltdown and Spectre exploits in virtual machines as well as stability and usability bug fixes. NOTE: For clusters with CPU pools, follow the instructions at https://help.virtuozzo.com/customer/en/portal/articles/2919459. Vulnerability id:...
CVE-2017-11286
Adobe ColdFusion has an XML external entity XXE injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
CVE-2017-11283
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
Xxe
Adobe ColdFusion has an XML external entity XXE injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
Deserialization of untrusted data
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
CVE-2017-11285
Adobe ColdFusion has a cross-site scripting XSS vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
CVE-2017-11283
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
CVE-2017-11286
Adobe ColdFusion has an XML external entity XXE injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
CVE-2017-11284
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...
CVE-2017-11284
CVE-2017-11284 is an insecure deserialization vulnerability in Adobe ColdFusion. The root cause is lack of input validation in the RMI/Flex deserialization path, allowing remote code execution. Affected: ColdFusion 2016 Update 4 and earlier; ColdFusion 11 Update 12 and earlier. Impact (as stated)...
CVE-2017-11285
CVE-2017-11285: Adobe ColdFusion XSS vulnerability in CFML processing. Affects ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier. Root cause is cross-site scripting due to improper input handling; exploitation leads to browser-script execution and potential information...
CVE-2017-11286
CVE-2017-11286 – Adobe ColdFusion XXE vulnerability in XML parsing affects ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier. The root cause is an XML External Entity (XXE) injection that could enable sensitive data disclosure via crafted XML input. Public advisories (...
Product update: Virtuozzo 6.0 Update 12 Hotfix 5 (6.0.12-3672)
The new packages for Virtuozzo 6.0.12 introducing a usability bug fix. Vulnerability id: PSBM-60976 Lack of VNC client capabilities check on host could result in unsupported data being sent to VNC client leading to a disconnection from host with error...
Product security update: Virtuozzo 6.0 Update 12 Hotfix 4
The new packages for Virtuozzo 6.0.12 introducing security fixes as well as stability bug fixes. Vulnerability id: PSBM-60778 Possible crash in memcpyfromiovecend triggered from inside container. Vulnerability id: PSBM-59962 Improved isolation for neighbor table settings...
Product security update: Virtuozzo 6.0 Update 12 Hotfix 2 (6.0.12-3658)
The new packages for Virtuozzo 6.0 introducing a security fix. Vulnerability id: PSBM-58425 A vulnerability within vzpkg could allow a malicious user to perform a basic symlink attack resulting in files being moved outside of the container and onto the host file system. The issue only affected...
Microsoft Exchange Server Information Disclosure Vulnerability (3160339)
This host is missing an important security update according to Microsoft Bulletin MS16-079. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Information disclosure
Outlook Web Access OWA in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka...
CVE-2013-5328
Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors...
Code injection
Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2013-5326
Cross-site scripting XSS vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related ...