2289 matches found
CVE-2021-3962
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this...
Jenkins Enterprise and Operations Center < 2.277.43.0.2 / 2.303.3.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-11-04)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.2, or 2.x prior to 2.303.3.3. It is, therefore, affected by multiple vulnerabilities, including the following: - Agent processes are able to completely bypass file path...
gcc security and bug fix update
8.5.0-3.0.2 - Fix Orabug 33451471 and backport CTF/BTF enhancements ctfc: Free CTF container elements in ctfcdeletecontainer ctf: Do not warn for CTF not supported for GNU GIMPLE ICE in btffinalize when compiling with -gbtf PR debug/102507, Orabug 33451471 Reviewed-by: Jose E. Marchesi 8.5.0-3.0....
How Open Systems uses Microsoft tools to improve security maturity
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. We’ve all seen it happen—an organization has all the top-notch security tools in place and still, they get breached. In today’s rapidly evolving threat landscape, complexity leads to...
Memory corruption
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...
CVE-2021-3064
CVE-2021-3064 affects PAN-OS GlobalProtect portal and gateway interfaces on PAN-OS 8.1.x before 8.1.17, causing memory corruption that can lead to unauthenticated remote code execution with root privileges when an attacker can reach the GlobalProtect service port (default 443) over the network. T...
PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the...
Moderate: python-psutil security update
psutil is a module providing an interface for retrieving information on all running processes and system utilization CPU, memory, disks, network, users in a portable way by using Python. Security Fixes: python-psutil: double free because of refcount mishandling CVE-2019-18874 For more details abo...
SUSE SLED15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2021:3603-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3603-1 advisory. - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak bsc1191937. Tenable has extracted the preceding description block...
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
Design/Logic Flaw
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21690
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier...
CVE-2021-21690
Jenkins prior to 2.319 (and LTS 2.303.3 previously) is affected by CVE-2021-21690 where agent processes can completely bypass file path filtering by wrapping file operations in an agent file path. This allows potential reading/writing of arbitrary files on the Jenkins controller and is part of a ...
New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed "Shrootless"...
CVE-2021-22453
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS 2.0 previously had a security vulnerability that could be exploited by an attacker to cause nearby processes to crash...
HUAWEI HarmonyOS 缓冲区错误漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS handles a data out-of-bounds vulnerability in the Bluetooth protocol, which could be exploited by local attackers to cause nearby processes to crash...
Huawei HarmonyOS 代码问题漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in HarmonyOS prior to version 2.0, which stems from a null pointer dereference vulnerability in a component of...