Lucene search
K

48 matches found

Virtuozzo
Virtuozzo
added 2018/02/01 12:0 a.m.66 views

Important product update: Fixes for Meltdown and Spectre exploits in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 21 (6.0.12-3698)

Hotfix 21 for Virtuozzo 6.0 Update 12 provides fixes for Meltdown and Spectre exploits in virtual machines as well as stability and usability bug fixes. NOTE: For clusters with CPU pools, follow the instructions at https://help.virtuozzo.com/customer/en/portal/articles/2919459. Vulnerability id:...

5.6CVSS6.1AI score0.93838EPSS
Exploits13References4
NVD
NVD
added 2017/12/01 8:29 a.m.22 views

CVE-2017-11286

Adobe ColdFusion has an XML external entity XXE injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

7.5CVSS7.7AI score0.08482EPSS
Exploits1References3
OSV
OSV
added 2017/12/01 8:29 a.m.6 views

CVE-2017-11283

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

9.8CVSS5.8AI score0.42721EPSS
Exploits3References3
Prion
Prion
added 2017/12/01 8:29 a.m.22 views

Xxe

Adobe ColdFusion has an XML external entity XXE injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

5CVSS8.2AI score0.08482EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2017/12/01 8:29 a.m.28 views

Deserialization of untrusted data

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

7.5CVSS9.4AI score0.42721EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2017/12/01 8:29 a.m.28 views

CVE-2017-11285

Adobe ColdFusion has a cross-site scripting XSS vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

6.1CVSS6AI score0.02733EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/12/01 8:0 a.m.29 views

CVE-2017-11283

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

9.6AI score0.42721EPSS
Exploits3References3
Cvelist
Cvelist
added 2017/12/01 8:0 a.m.32 views

CVE-2017-11286

Adobe ColdFusion has an XML external entity XXE injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

8.9AI score0.08482EPSS
Exploits1References3
Cvelist
Cvelist
added 2017/12/01 8:0 a.m.35 views

CVE-2017-11284

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

9.6AI score0.42721EPSS
Exploits1References3
CVE
CVE
added 2017/12/01 8:0 a.m.94 views

CVE-2017-11284

CVE-2017-11284 is an insecure deserialization vulnerability in Adobe ColdFusion. The root cause is lack of input validation in the RMI/Flex deserialization path, allowing remote code execution. Affected: ColdFusion 2016 Update 4 and earlier; ColdFusion 11 Update 12 and earlier. Impact (as stated)...

9.8CVSS9.4AI score0.42721EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2017/12/01 8:0 a.m.74 views

CVE-2017-11285

CVE-2017-11285: Adobe ColdFusion XSS vulnerability in CFML processing. Affects ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier. Root cause is cross-site scripting due to improper input handling; exploitation leads to browser-script execution and potential information...

6.1CVSS7.2AI score0.02733EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/12/01 8:0 a.m.65 views

CVE-2017-11286

CVE-2017-11286 – Adobe ColdFusion XXE vulnerability in XML parsing affects ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier. The root cause is an XML External Entity (XXE) injection that could enable sensitive data disclosure via crafted XML input. Public advisories (...

7.5CVSS8.8AI score0.08482EPSS
Exploits1References3Affected Software1
Virtuozzo
Virtuozzo
added 2017/03/06 12:0 a.m.14 views

Product update: Virtuozzo 6.0 Update 12 Hotfix 5 (6.0.12-3672)

The new packages for Virtuozzo 6.0.12 introducing a usability bug fix. Vulnerability id: PSBM-60976 Lack of VNC client capabilities check on host could result in unsupported data being sent to VNC client leading to a disconnection from host with error...

0.9AI score
Exploits0
Virtuozzo
Virtuozzo
added 2017/02/27 12:0 a.m.16 views

Product security update: Virtuozzo 6.0 Update 12 Hotfix 4

The new packages for Virtuozzo 6.0.12 introducing security fixes as well as stability bug fixes. Vulnerability id: PSBM-60778 Possible crash in memcpyfromiovecend triggered from inside container. Vulnerability id: PSBM-59962 Improved isolation for neighbor table settings...

1.5AI score
Exploits0
Virtuozzo
Virtuozzo
added 2017/01/25 12:0 a.m.22 views

Product security update: Virtuozzo 6.0 Update 12 Hotfix 2 (6.0.12-3658)

The new packages for Virtuozzo 6.0 introducing a security fix. Vulnerability id: PSBM-58425 A vulnerability within vzpkg could allow a malicious user to perform a basic symlink attack resulting in files being moved outside of the container and onto the host file system. The issue only affected...

2.7AI score
Exploits0
OpenVAS
OpenVAS
added 2016/08/24 12:0 a.m.29 views

Microsoft Exchange Server Information Disclosure Vulnerability (3160339)

This host is missing an important security update according to Microsoft Bulletin MS16-079. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

5.5CVSS6.1AI score0.22554EPSS
Exploits0References2
Prion
Prion
added 2016/06/16 1:59 a.m.15 views

Information disclosure

Outlook Web Access OWA in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka...

4.3CVSS6.5AI score0.22554EPSS
Exploits0References2
NVD
NVD
added 2013/11/13 1:55 a.m.30 views

CVE-2013-5328

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors...

7.8CVSS6.8AI score0.03113EPSS
Exploits0References1
Prion
Prion
added 2013/11/13 1:55 a.m.25 views

Code injection

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors...

7.8CVSS7.3AI score0.03113EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/11/13 1:0 a.m.24 views

CVE-2013-5326

Cross-site scripting XSS vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related ...

5.4AI score0.01842EPSS
Exploits0References2
Rows per page
Query Builder