Tag
#ubuntu
Engineers Online Portal version 1.0 suffers from a persistent cross-site scripting vulnerability.
Ubuntu Security Notice 5122-1 - It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory.
Online Event Booking and Reservation System version 1.0 suffers from a persistent cross-site scripting vulnerability.
Red Hat Security Advisory 2021-3961-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Red Hat Security Advisory 2021-3960-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.
SAP Enterprise Portal suffers from a sensitive information disclosure vulnerability in the com.sapportals.navigation.testComponent.NavigationRequestSniffer servlet.
The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication, which leads to authentication tokens being leaked to untrusted systems.
The SAP NetWeaver ABAP IGS service suffers from multiple memory corruption vulnerabilities.
Online Course Registration version 1.0 suffers from a blind boolean-based remote SQL injection vulnerability.