Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28673 | 1 Xerox | 46 Phaser 6510, Phaser 6510 Firmware, Versalink B400 and 43 more | 2021-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface. | |||||
| CVE-2021-22988 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 9.0 HIGH | 8.8 HIGH |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22989 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 9.0 HIGH | 9.1 CRITICAL |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22987 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 9.0 HIGH | 9.9 CRITICAL |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22990 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 9.0 HIGH | 7.2 HIGH |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22998 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-23000 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22999 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-23002 | 1 F5 | 2 Access Policy Manager Clients, Big-ip Access Policy Manager | 2021-04-05 | 2.7 LOW | 4.5 MEDIUM |
| When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-23004 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-23003 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-29646 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-04-05 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. | |||||
| CVE-2020-24391 | 1 Mongo-express Project | 1 Mongo-express | 2021-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769. | |||||
| CVE-2021-20677 | 1 Necplatforms | 8 Sl2100, Sl2100 Firmware, Univerge Aspire Ux and 5 more | 2021-04-02 | 3.5 LOW | 3.1 LOW |
| UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command. | |||||
| CVE-2021-25371 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-04-01 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. | |||||
| CVE-2021-26540 | 1 Apostrophecms | 1 Sanitize-html | 2021-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com". | |||||
| CVE-2021-1626 | 1 Salesforce | 1 Mule | 2021-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021. | |||||
| CVE-2021-25353 | 1 Samsung | 1 Galaxy Themes | 2021-04-01 | 3.6 LOW | 7.1 HIGH |
| Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. | |||||
| CVE-2021-21727 | 1 Zte | 2 Zxhn F623, Zxhn F623 Firmware | 2021-04-01 | 7.8 HIGH | 7.5 HIGH |
| A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:<ZXHN F623><All versions up to V6.0.0P3T33> | |||||
| CVE-2021-28670 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-04-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. | |||||
| CVE-2020-19640 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2021-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'. | |||||
| CVE-2021-20679 | 1 Fujixerox | 150 Apeosport-vii 4021, Apeosport-vii 4021 Firmware, Apeosport-vii 5021 and 147 more | 2021-04-01 | 7.8 HIGH | 7.5 HIGH |
| Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command. | |||||
| CVE-2007-2728 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2021-03-31 | 5.0 MEDIUM | N/A |
| The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. | |||||
| CVE-2021-29249 | 1 Btcpayserver | 1 Btcpay Server | 2021-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. | |||||
| CVE-2021-26934 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-03-30 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. | |||||
| CVE-2020-13951 | 1 Apache | 1 Openmeetings | 2021-03-29 | 5.0 MEDIUM | 7.5 HIGH |
| Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. | |||||
| CVE-2020-19625 | 1 Gridx Project | 1 Gridx | 2021-03-29 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter. | |||||
| CVE-2017-8461 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2021-03-29 | 6.9 MEDIUM | 7.8 HIGH |
| Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability." | |||||
| CVE-2019-12762 | 6 Fujitsu, Google, Samsung and 3 more | 16 Arrows Nx F05-f, Arrows Nx F05-f Firmware, Nexus 7 and 13 more | 2021-03-27 | 1.9 LOW | 4.2 MEDIUM |
| Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | |||||
| CVE-2021-29133 | 1 Haserl Project | 1 Haserl | 2021-03-26 | 2.1 LOW | 5.5 MEDIUM |
| Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem. | |||||
| CVE-2021-28100 | 1 Netflix | 1 Priam | 2021-03-26 | 2.1 LOW | 5.5 MEDIUM |
| Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process. | |||||
| CVE-2020-17487 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. | |||||
| CVE-2021-22320 | 1 Huawei | 14 Ips Module, Ips Module Firmware, Ngfw Module and 11 more | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600. | |||||
| CVE-2020-9206 | 1 Huawei | 2 Eudc660, Eudc660 Firmware | 2021-03-26 | 4.6 MEDIUM | 6.7 MEDIUM |
| The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device. | |||||
| CVE-2020-9212 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2021-03-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak. | |||||
| CVE-2021-27593 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-26 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | |||||
| CVE-2020-11986 | 1 Apache | 1 Netbeans | 2021-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user. | |||||
| CVE-2020-7200 | 1 Hp | 1 Systems Insight Manager | 2021-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. | |||||
| CVE-2021-27586 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27587 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27588 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27589 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2020-27632 | 1 Siemens | 4 Simatic Mv420, Simatic Mv420 Firmware, Simatic Mv440 and 1 more | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. | |||||
| CVE-2021-27592 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27591 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27590 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-27585 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-03-25 | 6.8 MEDIUM | 7.8 HIGH |
| When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-25764 | 1 Jetbrains | 1 Phpstorm | 2021-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. | |||||
| CVE-2020-28466 | 1 Nats | 1 Nats Server | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git. | |||||