6348 matches found
Xen / ARM Boot Modules Are Not Scrubbed Information Exposure (XSA-372)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an information disclosure vulnerability because boot modules are not scrubbed. The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen...
Update of perl-Pod-Simple, perl-IO-Compress-Bzip2, perl-Log-Message, perl-CPANPLUS, perl-Parse-CPAN-Meta, perl-Archive-Tar, perl-Locale-Maketext-Simple, perl-Compress-Raw-Zlib, perl-ExtUtils-MakeMaker, perl-version, perl-Params-Check, perl-Module-CoreList, perl-parent, perl-Log-Message-Simple, perl-IO-Compress-Base, perl-Archive-Extract, perl-Test-Harness, perl-Module-Load, perl-Compress-Zlib, perl-Module-Pluggable, perl-Pod-Escapes, perl-Module-Build, perl-Module-Loaded, perl-Test-Simple, perl-Term-UI, perl-Package-Constants, perl-Object-Accessor, perl-Digest-SHA, perl-ExtUtils-ParseXS, perl-File-Fetch, perl-Time-HiRes, perl-Compress-Raw-Bzip2, perl-Time-Piece, perl-CGI, perl-ExtUtils-CBuilder, perl-IO-Zlib, perl-Module-Load-Conditional, perl-IO-Compress-Zlib, perl-ExtUtils-Embed, perl-IPC-Cmd, perl-CPAN
...
org.apereo.cas:cas-server-support-gauth (>=6.0.0 <=6.1.7.1), org.apereo.cas:cas-server-support-gauth-core (>=6.0.0 <=6.1.7.1) +8 more potentially affected by CVE-2020-27178 via org.apereo.cas:cas-server-support-otp-mfa-core (>=6.0.0 <=6.1.7.1)
org.apereo.cas:cas-server-support-otp-mfa-core MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.0, =6.0.0, =6.0.0, =6.1.0, =6.1.7.1 Source cves: CVE-2020-27178 Source advisory: OSV:GHSA-Q39C-5VH5-VW2P...
org.apereo.cas:cas-server-support-gauth (>=6.2.0 <=6.2.3), org.apereo.cas:cas-server-support-gauth-core (>=6.2.0 <=6.2.3) +9 more potentially affected by CVE-2020-27178 via org.apereo.cas:cas-server-support-otp-mfa-core (>=6.2.0 <=6.2.3)
org.apereo.cas:cas-server-support-otp-mfa-core MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.3 Source cves: CVE-2020-27178 Source advisory: OSV:GHSA-Q39C-5VH5-VW2P...
shadowbroker
This repository, zhangyouren/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploit modules, payloads...
Default configuration
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
Update of perl-Pod-Simple, perl-Log-Message-Simple, perl-Object-Accessor, perl-IPC-Cmd, perl-ExtUtils-MakeMaker, perl-Compress-Raw-Zlib, perl-CPAN, perl-CGI, perl-Digest-SHA, perl-Module-Loaded, perl-parent, perl-Module-CoreList, perl-Compress-Raw-Bzip2, perl-File-Fetch, perl-version, perl-ExtUtils-Embed, perl-Locale-Maketext-Simple, perl-Time-HiRes, perl-Module-Load-Conditional, perl-IO-Compress-Bzip2, perl-ExtUtils-CBuilder, perl-Term-UI, perl-Module-Build, perl-Pod-Escapes, perl-IO-Compress-Base, perl-Parse-CPAN-Meta, perl-Time-Piece, perl-Params-Check, perl-Module-Pluggable, perl-Archive-Tar, perl-IO-Compress-Zlib, perl-Package-Constants, perl-Test-Simple, perl-Test-Harness, perl-IO-Zlib, perl-ExtUtils-ParseXS, perl-Archive-Extract, perl-CPANPLUS, perl-Log-Message, perl-Module-Load, perl-Compress-Zlib
...
CVE-2020-21808
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php...
Fedora: Security Advisory for varnish-modules (FEDORA-2021-cf7585f0ca)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: varnish-modules-0.17.1-2.fc34
This is a collection of modules ("vmods") extending Varnish VCL, used for describing HTTP request/response policies, with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...
ansible: multiple modules expose secured values
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...
Amazon Linux AMI : containerd (ALAS-2021-1523)
The version of containerd installed on the remote host is prior to 1.4.6-2.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1523 advisory. A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file...
SUSE SLES12 Security Update : containerd (SUSE-SU-2021:2413-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:2413-1 advisory. - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. bsc1188282 Tenable has extracted...
CVE-2021-32773
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...
UBUNTU-CVE-2021-32773
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...
Design/Logic Flaw
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...
[ASA-202107-39] racket: sandbox escape
Arch Linux Security Advisory ASA-202107-39. Severity: Medium; Date: 2021-07-20; CVE-ID: CVE-2021-32773; Package: racket; Type: sandbox escape; Remote: Yes; Link: https://security.archlinux.org/AVG-2175. Summary: The package racket before version 8.2...
CVE-2021-32773 Confused deputy attack in sandbox module resolution
Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...