71 matches found
[SECURITY] [DLA 4325-1] redis security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4325-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 09, 2025 https://wiki.debian.org/LTS -...
CVE-2024-6156
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...
RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: InetSocketAddress serialization issue Networking, 7201071 CVE-2013-0433 - Oracle JDK 7: bypass o...
GHSA-RWHV-HVJ2-QRQM Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...
SUSE CVE-2007-3503
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting XSS vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Microsoft Exchange Server 安全漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A security vulnerability exists in Microsoft Exchange Server. The following products and versions a...
Microsoft Exchange Server 代码注入漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code injection vulnerability exists in Microsoft Exchange Server. The followin...
Cross site scripting
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized...
CVE-2021-31835 McAfee ePO Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized...
PT-2021-19537 · Mcafee · Mcafee Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: McAfee ePolicy Orchestrator ePO versions prior to 5.10 Update 11 Description: The issue allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized...
Microsoft Exchange Server 输入验证错误漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. An input validation error vulnerability exists in Microsoft Exchange Server. The...
Microsoft Exchange Server 权限许可和访问控制问题漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A vulnerability exists in Microsoft Exchange Server with privilege permission and access control...
Microsoft Exchange Server 跨站脚本漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A cross-site scripting vulnerability exists in Microsoft Exchange Server. The...
Product update: Virtuozzo 7.0 Update 11 Hotfix 2 (7.0.11-304)
The Hotfix 2 for Virtuozzo 7.0.11 fixes a usability issue. Vulnerability id: PSBM-98041 Firewalld failed to start in a CentOS 7.7 container due to a firewalld patch that changed how 'nfconntrack' was loaded...
Security feature bypass
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
Path traversal
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user...
Command injection
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user...
Product update: Virtuozzo 7.0 Update 11 Hotfix 1 (7.0.11-303)
The Hotfix 1 for Virtuozzo 7.0.11 adds a new feature...
Microsoft Exchange CVE-2019-0586 Remote Memory Corruption Vulnerability
Description Microsoft Exchange is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Exchange Server...
CVE-2017-3008
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability...