Security Information and News
PrimaryVendor — Product Description Discovered Published CVSS Score Source & Patch Info Apache Software Foundation — Apache HTTP Server Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the…
apple — mac_os_x Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted…
PrimaryVendor — Product Description Discovered Published CVSS Score Source & Patch Info alain_barbet — filesys_smbclientparser The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary…
adtran — netvanta_7060 Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or…
activerecord-session_store — activerecord-session_store The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed…
oracle — graalvm_enterprise_edition Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows…
arris — ruckus_wireless_unleashed webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP…
References to Advisories, Solutions, and Tools By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information…
CVE-2015-10096 Detail Awaiting Analysis This vulnerability is currently awaiting analysis. Description A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This…
activerecord-session_store — activerecord-session_store The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed…