601 matches found
[SECURITY] Fedora 34 Update: python-aiohttp-3.7.4-1.fc34
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and web servers with middlewares and pluggable routing...
Design/Logic Flaw
SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected...
Owncloud Cross-Site Request Forgery Vulnerability
ownCloud is a set of personal cloud storage solutions from the American company ownCloud. A cross-site request forgery vulnerability exists in ownCloud Core, which stems from a web application that does not adequately validate whether a request is coming from a trusted user, and...
CVE-2021-22977
On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated...
Puppet Security Vulnerabilities
Puppet is a set of configuration management tools based on a client/server (C/S) architecture from Puppet Labs in the United States, which can be used to manage profiles, users, cron tasks, packages, system services, etc. Puppet Agent is a Puppet agent end-program. Puppet Agent has a security...
CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
DEBIAN-CVE-2020-14782
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
UBUNTU-CVE-2020-14781
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Information leakage vulnerability in Zijinqiao monitoring configuration software
Zijinqiao monitoring and configuration software is professional monitoring and configuration software that adopts a C/S architecture and has database processing technology and a graphic system. There is an information disclosure vulnerability in Zijinqiao Monitoring and Configuration...
How DNS (Domain Name System) works with GSLB feature on NetScaler
The Domain Name System (DNS) is considered a distributed database which uses the client/server architecture. Name servers are the servers in the architecture, and the resolvers are the clients that are typically library routines installed on an operating system that create and send queries...
UBUNTU-CVE-2020-14355
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client spice-gtk and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...
[SECURITY] Fedora 33 Update: community-mysql-8.0.21-11.fc33
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
CVE-2020-26149
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server...
freerdp: out-of-bounds read in cliprdr_read_format_list function
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read by client or server might read data out-of-bounds. This has been fixed in 2.1.0...
Fedora: Security Advisory for netty (FEDORA-2020-66b5f85ccc)
The remote host is missing an update for the...
[SECURITY] Fedora 33 Update: netty-4.1.51-1.fc33
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application wil...
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...