Security Information and News
Security
adam_ross — tokenauth The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.…
PrimaryVendor — Product Description Discovered Published CVSS Score Source & Patch Info Adobe — PhotoshopAdobe — Photoshop Elements Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0,…
apprain — apprain Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.…
PrimaryVendor — Product Description Discovered Published CVSS Score Source & Patch Info Apache Software Foundation — Apache HTTP Server Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the…
apple — mac_os_x Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted…
PrimaryVendor — Product Description Discovered Published CVSS Score Source & Patch Info alain_barbet — filesys_smbclientparser The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary…
apache — hive In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is…
afian — filerun FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. 2019-06-20 4.3 CVE-2019-12905MISC alpinelinux — abuild Alpine Linux abuild through 3.4.0 allows an unprivileged member of…
3s-smart — multiple_codesys_products 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. 2019-12-20 not…
oracle — graalvm_enterprise_edition Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows…