
68 matches found

Debian CVE
added 2021/12/13 3:47 p.m. | 21 views

CVE-2021-39932

Removed by vendor...

4.3 CVSS | 5.8 AI score | 0.0086 EPSS
Exploits: 0

Kitploit
added 2021/11/17 8:30 p.m. | 25 views

JVMXRay - Make Java Security Events Of Interest Visible For Analysis

JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for software quality processes and diagnostics. More about Oracle Java Duke mascot... Contact/Chat Group New ch...

7 AI score
Exploits: 0 | References: 1

OSV
added 2021/10/19 6:15 p.m. | 16 views

CVE-2021-41131

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs...

8.7 CVSS | 8.6 AI score
Exploits: 0 | References: 3

OSV
added 2021/10/19 6:15 p.m. | 16 views

PYSEC-2021-376

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs...

8.8 CVSS | 2.7 AI score | 0.01404 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2021/08/31 8:31 p.m. | 38 views

Security Bulletin: IBM Security Identity Manager Virtual Appliance deprecated Self Service UI contains Struts V1 (CVE-2016-1182)

Summary IBM Security Identity Manager Virtual Appliance made code changes to remove the deprecated function and its associated Struts V1 code library. Vulnerability Details CVEID: CVE-2016-1182 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by the...

8.2 CVSS | 2.2 AI score | 0.2593 EPSS
Exploits: 0 | Affected Software: 1

Ivan 'd0znpp' Novikov
added 2021/07/26 4:53 p.m. | 34 views

What Is CI/CD❓ Concept, How Does It Work

What is CI/CD? The CI/CD idea is a well-known one that has step by step become quite possibly the main methods utilized by DevOps groups to make regular and dependable changes to the code. Continuous Integration CI and Continuous Delivery CD are terms that are utilized to address a lifestyle,...

Exploits: 0

The Hacker News
added 2021/02/26 9:3 a.m. | 50 views

ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive...

6.9 AI score
Exploits: 0

OPENSUSE Linux
added 2020/12/04 12:0 a.m. | 32 views

Security update for neomutt (moderate)

openSUSE Security Update: Security update for neomutt Announcement ID: openSUSE-SU-2020:2157-1 Rating: moderate References: 1172906 1172935 1173197 1179035 1179113 Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-28896 Affected Products: openSUSE Backports SLE-15-SP1 An...

5.9 CVSS | 6.5 AI score | 0.02323 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2020/07/02 12:0 a.m. | 89 views

Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.1 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.1. It is, therefore, affected by a vulnerability. - OpenSSH software included with PAN-OS has been upgraded to resolve security...

9.8 CVSS | 7.1 AI score | 0.13736 EPSS
Exploits: 1 | References: 3

OSV
added 2019/07/16 1:15 p.m. | 7 views

CVE-2019-1010060

NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by...

9.8 CVSS | 9 AI score
Exploits: 0 | References: 5

Fedora
added 2019/06/07 4:34 p.m. | 23 views

[SECURITY] Fedora 29 Update: buildbot-1.8.2-1.fc29

The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failu...

9.8 CVSS | 3.3 AI score | 0.01825 EPSS
Exploits: 0

Fedora
added 2019/02/11 1:58 a.m. | 19 views

[SECURITY] Fedora 29 Update: buildbot-1.8.1-1.fc29

The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failu...

6.1 CVSS | 3.3 AI score | 0.0087 EPSS
Exploits: 1

IBM Security Bulletins
added 2018/06/17 12:14 p.m. | 22 views

Security Bulletin: Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 affect IBM Content Collector for SAP Applications (CVE-2015-4872, CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that is used by IBM Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in October 2015 and January 2016 and include the...

5.9 CVSS | 0.5 AI score | 0.03703 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2017/11/01 12:0 a.m. | 36 views

Debian DLA-1151-2 : wordpress regression update

The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and caused a regression. It was discovered that an additional database upgrade and further code changes would be necessary. At the moment these changes are deemed as too intrusive and thus the initial patch for CVE-2017-14990 has been...

6.5 CVSS | 7.3 AI score | 0.01764 EPSS
Exploits: 3 | References: 2

Typo3
added 2017/02/28 12:0 a.m. | 500 views

Cross-Site Scripting in TYPO3 CMS

It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: February 28, 2017 Vulnerability Type: Cross-Site Scripting Affected Versions: 7.6.0 to 7.6.15 and 8.0.0 to 8.6.0 Severity: Low Suggested CVSS v2.0:...

6.9 AI score
Exploits: 0 | Affected Software: 1

Typo3
added 2017/01/03 12:0 a.m. | 609 views

Remote Code Execution in third party library swiftmailer

It has been discovered, that the third party package swiftmailer/swiftmailer is vulnerable to Remote Code Execution Component Type: TYPO3 CMS Release Date: January 3, 2017 Vulnerability Type: Remote Code Execution Affected Versions: 6.2.0 to 6.2.29, 7.6.0 to 7.6.14 and 8.0.0 to 8.5.0 Severity: Lo...

9.7 AI score | 0.41827 EPSS
Exploits: 18 | Affected Software: 1

Typo3
added 2016/04/12 12:0 a.m. | 16 views

Authentication Bypass in TYPO3 CMS

It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Authentication Vulnerability Type: Authentication Bypass Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity:...

7.3 AI score
Exploits: 0 | Affected Software: 1

Typo3
added 2016/02/23 12:0 a.m. | 30 views

Cross-Site Scripting in TYPO3 component Backend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.18 Severity: Low Suggested CVSS v2.0:...

6.9 AI score
Exploits: 0 | Affected Software: 1

Typo3
added 2015/12/15 12:0 a.m. | 15 views

Cross-Site Scripting vulnerability in typolinks

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: December 15, 2015 Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.15, 7.0.0 to 7.6.0 Severity: Low Suggested CVSS v2.0:...

6.5 AI score
Exploits: 0 | Affected Software: 1

ThreatPost
added 2015/09/30 9:10 a.m. | 17 views

Apple Mac OS X Gatekeeper Bypass

Gatekeeper is Mac OS X’s guardian against rogue applications and malware sneaking into Apple’s famous walled garden. It’s also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow at Virus Bulletin in Prague, researcher Patrick Wardle,...

0.5 AI score
Exploits: 0 | References: 3