Tag

#ubuntu

Simplephpscripts Simple CMS 2.1 Cross Site Scripting

Simplephpscripts Simple CMS version 2.1 suffers from multiple cross site scripting vulnerabilities.

Packet Storm
Ubuntu Security Notice USN-5123-2

Ubuntu Security Notice 5123-2 - USN-5123-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. Various other issues were also addressed.

Gestionale Open 11.00.00 Privilege Escalation

Gestionale Open version 11.00.00 suffers from a local privilege escalation vulnerability.

Ubuntu Security Notice USN-5123-1

Ubuntu Security Notice 5123-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

WordPress 4.9.6 Arbitrary File Deletion

WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018.

WordPress Ninja Tables 4.1.7 Cross Site Scripting

WordPress Ninja Tables plugin version 4.1.7 suffers from a persistent cross site scripting vulnerability.

Botan C++ Crypto Algorithms Library 2.18.2

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication

FreeSWITCH versions 1.10.6 and below fail to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities.

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).

Red Hat Security Advisory 2021-3971-01

Red Hat Security Advisory 2021-3971-01 - Redis is an advanced key-value store. Issues addressed include denial of service and integer overflow vulnerabilities.