similar to: [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configuration

Displaying 20 results from an estimated 3000 matches similar to: "[CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configuration"

2016 Sep 01
2
Perl Unsafe Module Path Handling Directory Traversal Vulnerability ( CVE-2016-1238)
Hello Experts, When we can expect Security Update for Perl Vulnerability CVE-2016-1238 on CentOS 6.8 and 7.2? -- With Thanks & Regards: Sidharth Sharma
2021 Jun 21
0
CVE-2021-29157: oauth2 JWT local validation path traversal
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4476 (Bug ID) Vulnerability type: CWE-24: Path Traversal: '../filedir' Vulnerable version: 2.3.11-2.3.14 Vulnerable component: imap, pop3, submission, managesieve Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-03-22
2007 Nov 17
1
Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a |
2013 Jan 30
0
Puppet Enterprise hotfixes for Ruby on Rails JSON Parser vulnerability [ CVE-2013-0333 ]
A security vulnerability has been disclosed in Ruby on Rails, assigned CVE-2013-0333. The vulnerability in the JSON code for Ruby on Rails allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. CVE details on the vulnerability can be found here:
2007 Aug 06
0
Bug#436250: CVE-2007-0998: possible vulnerability
Package: xen-3.0 Severity: important Hi The following CVE[0] was issued against xen. Can you please check, if the Debian versions are affected? The CVE says: The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor
2012 Sep 05
0
Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability
Xen Security Advisory CVE-2012-3496 / XSA-14 version 3 XENMEM_populate_physmap DoS vulnerability UPDATES IN VERSION 3 ==================== Public release. Credit Matthew Daley. ISSUE DESCRIPTION ================= XENMEM_populate_physmap can be called with invalid flags. By calling it with
2014 Jun 06
2
does the openSSL security vulnerability (CVE-2014-0224) affect openssh?
Dear openssh developers, can you please check, whether the vulnerability of openSSL (CVE-2014-0224): http://www.openssl.org/news/secadv_20140605.txt openssh affects? Many thanks Van Cu Truong Tel.: +49 (211) 399 33598 Mobile: +49 (163) 1651728 cu.truongl at atos.net Otto-Hahn-Ring 6 81739 München, Deutschland de.atos.net
2015 Aug 06
0
CVE-2015-5745: Vulnerability in qemu virtio-serial feature could affect libguestfs
https://bugzilla.redhat.com/show_bug.cgi?id=1251157 This is not a vulnerability in libguestfs, but because we always give a virtio-serial port to each guest (since that is how guest-host communication happens), an escalation from the appliance to the host qemu process is possible. This could affect you if: - your libguestfs program runs untrusted programs out of the guest (eg. using
2012 Apr 12
0
Nvidia security vulnerability (CVE-2012-0946)
Not strictly a CentOS issue, but users of the Nvidia drivers should be aware of this. See their announcement[1] for details. Users of the manufacturer's driver, or the ELRepo kmod-nvidia driver[2] should update ASAP to the new version. Phil [1] http://www.nvnews.net/vbulletin/showthread.php?t=178006 [2] http://elrepoproject.blogspot.com/2012/04/nvidia-driver-that-fixes-security.html
2015 Jun 05
2
Regarding CVE-2015-1781 vulnerability in Glibc
Hi All, I am using CentOS 5.5 with gcc version 2.5.123.el5. I just wanted to check whether the CVE-2015-1781 is fixed in the current version? How can I do that? Right now I don't have access to that machine, so I wanted to check whether it's fixed online ( not via shell)? Thanks for the help. -- Thanks & Regards, Venkateswara Rao Dokku.
2015 Jun 05
0
Regarding CVE-2015-1781 vulnerability in Glibc
On Fri, Jun 5, 2015 at 10:26 AM, Venkateswara Rao Dokku <dvrao.584 at gmail.com> wrote: > Hi All, > > I am using CentOS 5.5 with gcc version 2.5.123.el5. Are you really on 5.5? You should consider updating to 5.11. > I just wanted to check whether the CVE-2015-1781 is fixed in the current > version? > > How can I do that? > > > Right now I don't have access to
2015 Jun 05
0
Regarding CVE-2015-1781 vulnerability in Glibc
On Fri, Jun 5, 2015 at 10:48 AM, Venkateswara Rao Dokku <dvrao.584 at gmail.com> wrote: > Thanks for the reply. > > Where can we get the info regarding whether it's fixed in CentOS 5 or not? > > I did rpm -q --changelog <glibc> | grep <CVE> > > but I don't find any info on this. > > This might mean 3 things. > 1. The version is not affected so no fix
2016 Sep 01
3
Bind Vulnerability CVE-2016-2775
Hello Experts, When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2? ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability: CVE-2016-2775 -- With Thanks & Regards: Sidharth Sharma
2016 Sep 01
0
Bind Vulnerability CVE-2016-2775
Sidharth Sharma: > > When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2? > ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability: >CVE-2016-2775 See: https://access.redhat.com/security/cve/cve-2016-2775 James Pearson
2016 Sep 21
0
PHP vulnerability CVE-2016-4073
On 09/21/2016 02:02 PM, ?????? wrote: > Hello, > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > them are fixed/patched or have some kind of workaround. But I can't find > a way to fix this one. Red Hat state: under investigation. > >
2016 Sep 21
0
PHP vulnerability CVE-2016-4073
https://pci.qualys.com/static/help/merchant/questionnaires/compensating_controls_definition.htm Eero 2016-09-21 14:02 GMT+03:00 ?????? <proxy-one at mail.ru>: > Hello, > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > them are fixed/patched or have some kind of workaround.
2016 Sep 21
0
PHP vulnerability CVE-2016-4073
On 09/21/2016 05:43 AM, ?????? wrote: > On 2016-Sep-21 14:35, Adrian Sevcenco wrote: >> On 09/21/2016 02:02 PM, ?????? wrote: >>> Hello, >>> >>> My server with CentOS 6.8 just failed PCI scan, so I'm looking into >>> vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of >>> them are fixed/patched or have some kind of
2018 Aug 01
1
CVE-2018-0495 Libgcrypt Vulnerability Fix for CentOS 6?
Is there a schedule for fixing CVE-2018-0495 Libgcrypt Vulnerability for CentOS 6? I can not find a patch for this CVE. Please point me in the right direction if I am missing something. Thanks, Ed
2019 Aug 28
0
CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Hello, On 2019-08-28 14:10, Aki Tuomi via dovecot wrote: > Dear subscribers, we have been made aware of critical vulnerability in > Dovecot and Pigeonhole. Has this already been fixed in 2.2.36.4? Changelog does not mention it. Regards Christoph