Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5127-1

Ubuntu Security Notice 5127-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Packet Storm
#vulnerability#red_hat#dos#ubuntu#dos#vulnerability#red_hat#vulnerability#vulnerability#vulnerability#web#red_hat#vulnerability#linux#red_hat#vulnerability#red_hat#java#git#vulnerability#ubuntu#sql#vulnerability#vulnerability#red_hat#dos#red_hat#vulnerability#vulnerability#mac#red_hat#web#ubuntu#dos#java

Related news

Ubuntu Security Notice USN-5132-1

Ubuntu Security Notice 5132-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.

CVE-2020-23054

A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.

Ubuntu Security Notice USN-5107-1

Ubuntu Security Notice 5107-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.

CVE-2021-39889: HackerOne

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

Ubuntu Security Notice USN-5087-1

Ubuntu Security Notice 5087-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2019-7619: Elastic Stack 7.4.0 security update

Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm.

CVE-2019-9530: VU#719689 - Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal

The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution