Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issues: CVE-2020-36327: Fixed bundler choosing a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842). Other fixes: - Updated to version 2.2.34 Patch...
GHSA-X4Q7-M6FP-4V9V October CMS Safe Mode bypass leads to authenticated Remote Code Execution
Impact This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode cms.safemode...
CVE-2022-35944 October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)
October is a self-hosted Content Management System CMS platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...
Updated dovecot packages fix security vulnerabilities
Dovecot has been updated to version 2.2.34 to fix two security issues. CVE-2017-14461: This vulnerability comes in two flavors. A malicious party can send a specially crafted email to a vulnerable system, causing it to crash dovecot. In some systems, the mail can be stored into the mail system,...
ALPINE-CVE-2017-15130
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart...
DEBIAN-CVE-2017-9788
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale...
Apache Httpd < 2.2.34 : ap_get_basic_auth_pw() Authentication Bypass
Use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy...
PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit
No description provided by source. <?php /* ------------------------------------------------------------- PmWiki <= 2.2.34 pagelist Remote PHP Code Injection Exploit ------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................:...
Disk Pulse Server Stack Remote Buffer Overflow Vulnerability
Disk Pulse Server is prone to a remote stack buffer overflow vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...