33 matches found
.NET 9.0 Update - January 13, 2026
.NET 9.0 Update - January 13, 2026 .NET 9.0 has been refreshed with the latest update as of January 13, 2026. This update contains non-security fixes. See the release notes for details about updated packages..NET 9.0 servicing updates are upgrades. The latest servicing update for 9.0 will remove...
Description of the security update for Office 2016: November 11, 2025 (KB5002810)
Description of the security update for Office 2016: November 11, 2025 KB5002810 Summary This security update resolves a Microsoft Excel information disclosure vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposure...
XenServer Security Update for CVE-2025-27465
Severity: Medium Description of Problem An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. This issue has the following identifier: CVE-2025-27465 Affected Versions This issue affects XenServer 8.4. Note th...
May 14, 2024-KB5038282 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022
May 14, 2024-KB5038282 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows Server 2022 Release Date: May 14, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows Server 2022. Security...
Edge browser feature sends images you view back to Microsoft
A relatively new service provided by Microsofts browser Edge sends images you've viewed online back to Microsoft. A new feature labelled Enhance images in Microsoft Edge has raised some privacy concerns. The feature is designed to upscale low resolution images, making them sharper, and improving...
.NET 7.0 Update - March 14, 2023 (KB5024672)
.NET 7.0 Update - March 14, 2023 KB5024672 NET 7.0 has been refreshed with the latest update as of March 14, 2023. This update contains non-security fixes. See the release notes for details on updated packages..NET 7.0 servicing updates are upgrades. The latest servicing update for 7.0 will remov...
SUSE CVE-2018-11805
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party ....
EulerOS 2.0 SP2 : spamassassin (EulerOS-SA-2021-2450)
According to the versions of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this,...
August 10, 2021 Public preview security update (KB5005039)
August 10, 2021 Public preview security update KB5005039 Improvements and fixes This public preview security update includes quality improvements. Key changes include: This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for...
CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
CVE-2020-1946 Apache SpamAssassin has an OS Command Injection vulnerability
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands
The Apache SpamAssassin project reports: Apache SpamAssassin 3.4.5 was recently released 1, and fixes an issue of security note where malicious rule configuration .cf files can be configured to run system commands. In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of...
Microsoft open sources CodeQL queries used to hunt for Solorigate activity
A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, suc...
UBUNTU-CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
CVE-2020-1931
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian...
Medium: spamassassin
Issue Overview: In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. CVE-2019-12420 In Apache SpamAssassin before 3.4.3, nefarious CF files can b...
CVE-2020-1930
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration .cf files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same...
Command injection
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration .cf files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same...