CVE-2021-39133

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...

Authentication flaw

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

CVE-2021-39132 YAML deserialization can run untrusted code

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...

MongoDB Client 'dbshell' Information Disclosure Vulnerability (SERVER-25335) - Linux

MongoDB is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb";...

openSUSE Security Update : squid (openSUSE-2016-988)

The Squid HTTP proxy has been updated to version 3.3.14, fixing the following security issues : - Fixed multiple Denial of Service issues in HTTP Response processing. CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc968392, bsc968393, bsc968394, bsc968395 - CVE-2016-3947: Buffer...