CVE-2022-42341
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitra ...
October 14, 2022
Updated lighttpd packages fix security vulnerability
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the ser ...
October 13, 2022
CVE-2022-37208
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. Re ...
October 13, 2022
Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a la ...
October 12, 2022
Description of the security update for SharePoint Enterprise Server 2016: October 11, 2022 (KB5002287)
## Summary
This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories:
* [Mic ...
October 12, 2022
Description of the security update for SharePoint Server 2019: October 11, 2022 (KB5002278)
## Summary
This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories:
* [Mic ...
October 12, 2022
Description of the security update for SharePoint Server Subscription Edition: October 11, 2022 (KB5002290)
## Summary
This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories:
* [Mic ...
October 12, 2022
ZoneMinder Information Disclosure Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, etc. ZoneMinder is vulnerable to an information disclosure vulnerability that stems fr ...
October 12, 2022
Improper Authorization
apache_airflow is vulnerable to improper authorization. A deactivated user is able to continue using the UI or the API with an already authenticated session due to the insufficient checks in `create_a ...
October 11, 2022
gnutls and nettle security, bug fix, and enhancement update
gnutls
[3.7.6-12]
- fips: mark PBKDF2 with short key and output sizes non-approved
- fips: only mark HMAC as approved in PBKDF2
- fips: mark gnutls_key_generate with short key sizes non-approved
- fip ...
October 11, 2022