Security Updates for Microsoft Office Online Server (May 2023)
The Microsoft Office Web Apps installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:
- A remote code execution vulnerability. An att ...
May 10, 2023
[SECURITY] Fedora 38 Update: nmstate-2.2.10-4.fc38
Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise needs to manage host networking through a nor ...
May 08, 2023
Improper Privilege Management
microweber/microweber is vulnerable to Improper Privilege Management. The vulnerability exists due to a lack of authorization checks in the `apiResource` parameter of `api.php` which allows an attacker to ...
May 07, 2023
Amazon Linux AMI : tomcat7 (ALAS-2023-1738)
The version of tomcat7 installed on the remote host is prior to 7.0.109-1.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1738 advisory.
- Apache Commons Fi ...
May 04, 2023
CVE-2017-20184
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any ...
May 04, 2023
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2023-176)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-176 advisory.
- The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back- ...
May 04, 2023
PYSEC-2023-42
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
May 04, 2023
(RHSA-2023:2107) Moderate: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the M ...
May 04, 2023
CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. ...
May 03, 2023
CVE-2023-24461
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions whi ...
May 03, 2023