737 matches found
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.23 security update
Red Hat OpenShift Container Platform release 4.7.23 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.4 bug fix and security update
Red Hat OpenShift Container Platform release 4.8.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...
CVE-2021-21553
Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability. Under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest...
CVE-2021-32787
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...
CVE-2021-32787
CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...
CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...
Design/Logic Flaw
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...
Security Bulletin: Vulnerabilities in Docker affect IBM Cloud Pak System
Summary Vulnerabilities were identified within Docker shipped as pType component with Cloud Pak System Software. IBM Cloud Pak System Software addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-21285 DESCRIPTION: Docker is vulnerable to a denial of service, caused by improper...
CVE-2021-32678
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller OCSController using the @BruteForceProtection annotation. Risk depends on the installed...
RHEL 7 / 8 : OpenShift Container Platform 4.7.19 (RHSA-2021:2555)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2555 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVE-2021-32729
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script right...
Security Bulletin: TLS padding vulnerability affects Informix Client Software Development Kit (CSDK) (CVE-2014-8730)
Summary: Informix Client Software Development Kit (CSDK) can be affected by a TLS (Transport Layer Security) padding vulnerability which can allow a remote attacker to obtain sensitive information. Vulnerability Details: The following vulnerability affects IBM Informix Client Software Development Kit...
CVE-2021-32637 Authentication bypassed with malformed request URI
Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...
Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System (CVE-2021-20228)
Summary Ansible, which is used in IBM Elastic Storage System could allow a local authenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2021-20228 DESCRIPTION: Ansible Engine could allow a local authenticated attacker to obtain sensitive information, caused by...
Upgrading/Uninstalling Veeam Backup & Replication fails with "Error 1327. Invalid Drive: [a-z]:\" or "Warning 1327. Invalid Drive [a-z]:\"
Challenge: While upgrading or uninstalling Veeam Backup & Replication, the installer stops and displays either of the following messages: "Warning 1327. Invalid Drive: F:\" or "Error 1327. Invalid Drive: F:\". Note: The drive letter in the message may be any drive letter. Cause: The settings in t...
CVE-2021-29459
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistered users can fill simple text fields. Registered users can fill in their personal information...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.7 security update
Red Hat OpenShift Container Platform release 4.7.7 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a...
RHEL 7 / 8 : OpenShift Container Platform 4.7.7 (RHSA-2021:1150)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1150 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.5 security and bug fix update
Red Hat OpenShift Container Platform release 4.7.5 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...