
267 matches found

OpenVAS
added 2022/10/13 12:0 a.m. · 29 views

Debian: Security Advisory (DLA-3149-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

9.8 CVSS · 6.2 AI score · 0.09316 EPSS
Exploits 0 · References 4

OSV
added 2022/09/08 1:32 p.m. · 4 views

SUSE-SU-2022:3212-1 Security update for rubygem-rake

This update for rubygem-rake fixes the following issues: - CVE-2020-8130: Fixed a command injection when supplying a filename that began with the pipe character (bsc#1164804)...

6.9 CVSS · 7.4 AI score · 0.00547 EPSS
Exploits 1 · References 3

OSV
added 2022/04/22 1:28 p.m. · 13 views

SUSE-SU-2022:1306-1 Security update for git

This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234)...

7.8 CVSS · 8.1 AI score · 0.00168 EPSS
Exploits 0 · References 3

Redos
added 2021/12/24 12:0 a.m. · 25 views

ROS-2-808

2.808 Denial of Service in Open vSwitch CVE-2020-35498 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial-of-service (DoS) attack. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01134 2. Possible measures to...

7.5 CVSS · 7.4 AI score · 0.05687 EPSS
Exploits 0

Amazon
added 2021/12/18 12:0 a.m. · 3 views

Medium: kernel-livepatch-4.14.252-195.483

Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.252-195.483 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.252-195.483 or yum update --advisory ALAS2LIVEPATCH-2021-069 to update your system. New...

4.4 CVSS · 7 AI score · 0.0002 EPSS
Exploits 1

Amazon
added 2021/12/18 12:0 a.m. · 5 views

Medium: kernel-livepatch-4.14.246-187.474

Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.246-187.474 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.246-187.474 or yum update --advisory ALAS2LIVEPATCH-2021-072 to update your system. New...

4.4 CVSS · 7 AI score · 0.0002 EPSS
Exploits 1

Redos
added 2021/09/08 12:0 a.m. · 25 views

ROS-2-929

2.929 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...

8.8 CVSS · 9.1 AI score · 0.00378 EPSS
Exploits 1

Redos
added 2021/09/08 12:0 a.m. · 7 views

ROS-2-1274

2.1274 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-29957, CVE-2021-29956 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass security restrictions imposed. FSTEC Russia Information Security Threat Data Bank Identifier: BDU:2021-02725, BDU:2021-02726 2...

7.5 CVSS · 7.3 AI score · 0.373 EPSS
Exploits 4

Redos
added 2021/09/08 12:0 a.m. · 5 views

ROS-2-1915

2.1915 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

8.8 CVSS · 8.1 AI score · 0.92579 EPSS
Exploits 81

OSV
added 2021/08/24 12:15 p.m. · 11 views

CVE-2021-33191

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...

9.8 CVSS · 7 AI score
Exploits 0 · References 3

Cvelist
added 2021/08/24 11:20 a.m. · 16 views

CVE-2021-33191 MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...

9.6 AI score · 0.03343 EPSS
Exploits 0 · References 3

Amazon
added 2021/07/21 12:0 a.m. · 3 views

Important: kernel-livepatch-4.14.231-173.360

Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.231-173.360 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.231-173.360 or yum update --advisory ALAS2LIVEPATCH-2021-058 to update your system. New...

7.8 CVSS · 7 AI score · 0.01783 EPSS
Exploits 6

Amazon
added 2021/07/21 12:0 a.m. · 2 views

Important: kernel-livepatch-4.14.232-176.381

Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.232-176.381 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.232-176.381 or yum update --advisory ALAS2LIVEPATCH-2021-054 to update your system. New...

7.8 CVSS · 7 AI score · 0.00047 EPSS
Exploits 0

Amazon
added 2021/07/21 12:0 a.m. · 3 views

Important: kernel-livepatch-4.14.232-177.418

Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.232-177.418 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.232-177.418 or yum update --advisory ALAS2LIVEPATCH-2021-059 to update your system. New...

7.8 CVSS · 7 AI score · 0.01783 EPSS
Exploits 6

OpenVAS
added 2021/06/11 12:0 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2021:1951-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

7.8 CVSS · 7.8 AI score · 0.04548 EPSS
Exploits 1 · References 2

Positive Technologies
added 2021/05/12 12:0 a.m. · 3 views

PT-2021-3134 · Unknown +10 · Postgresql +9

Name of the Vulnerable Software and Affected Versions: postgresql affected versions not specified Description: A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server...

9.8 CVSS · 6.4 AI score · 0.81248 EPSS
Exploits 3 · References 211

Tenable Nessus
added 2020/11/18 12:0 a.m. · 33 views

Amazon Linux AMI : curl (ALAS-2020-1444)

The version of curl installed on the remote host is prior to 7.61.1-12.95. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1444 advisory. A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's mul...

7.5 CVSS · 6.6 AI score · 0.00159 EPSS
Exploits 1 · References 3

CNVD
added 2020/03/12 12:0 a.m. · 1 views

WAGO PFC200 OS Command Injection Vulnerability (CNVD-2020-19519)

The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. The WAGO PFC200 suffers from an operating system command injection vulnerability that can be exploited by an attacker to inject operating system commands into the value of the TimeoutPrepared parameter contained in the...

7.2 CVSS · 7.8 AI score · 0.02838 EPSS
Exploits 1 · References 1

OSV
added 2019/12/11 12:15 a.m. · 1 views

DEBIAN-CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

7.8 CVSS · 8.3 AI score · 0.01562 EPSS
Exploits 1 · References 1

OSV
added 2017/11/22 6:29 p.m. · 22 views

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

6.5 CVSS · 6.8 AI score
Exploits 0 · References 7