-
CVE-2019-10082
Latest security vulnerabilities Apache Http Server Sep 26, 2019 | 00:00 amIn Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVSS:6.4) (Last Update:2019-09-27)
Read more... -
CVE-2019-10092
Latest security vulnerabilities Apache Http Server Sep 26, 2019 | 00:00 amIn Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This[…]
Read more... -
CVE-2019-10097
Latest security vulnerabilities Apache Http Server Sep 26, 2019 | 00:00 amIn Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be[…]
Read more... -
CVE-2019-10098
Latest security vulnerabilities Apache Http Server Sep 25, 2019 | 00:00 amIn Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVSS:5.8) (Last Update:2019-10-09)
Read more... -
CVE-2019-10081
Latest security vulnerabilities Apache Http Server Aug 15, 2019 | 00:00 amHTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not[…]
Read more... -
CVE-2019-0197
Latest security vulnerabilities Apache Http Server Jun 11, 2019 | 00:00 amA vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the[…]
Read more... -
CVE-2019-0220
Latest security vulnerabilities Apache Http Server Jun 11, 2019 | 00:00 amA vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects[…]
Read more... -
CVE-2019-0211
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the[…]
Read more... -
CVE-2019-0215
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more... -
CVE-2019-0217
Latest security vulnerabilities Apache Http Server Apr 8, 2019 | 00:00 amIn Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVSS:6.0) (Last Update:2019-05-13)
Read more...
-
Red Hat Security Advisory 2020-1420-01
Operating System: RedHat ≈ Packet Storm Apr 9, 2020 | 14:58 pmRed Hat Security Advisory 2020-1420-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.
Read more... -
Red Hat Security Advisory 2020-1406-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2020 | 16:56 pmRed Hat Security Advisory 2020-1406-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.
Read more... -
Red Hat Security Advisory 2020-1280-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2020 | 16:54 pmRed Hat Security Advisory 2020-1280-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was resolved where /etc/passwd was given incorrect privileges.
Read more... -
Red Hat Security Advisory 2020-1403-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2020 | 16:52 pmRed Hat Security Advisory 2020-1403-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an out[…]
Read more... -
Red Hat Security Advisory 2020-1404-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2020 | 16:52 pmRed Hat Security Advisory 2020-1404-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.7.0 ESR. Issues addressed include an out of bounds write vulnerability.
Read more... -
Red Hat Security Advisory 2020-1277-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2020 | 16:49 pmRed Hat Security Advisory 2020-1277-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a memory exhaustion vulnerability.
Read more... -
Red Hat Security Advisory 2020-1287-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2020 | 16:44 pmRed Hat Security Advisory 2020-1287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an out of bounds write vulnerability.
Read more... -
Red Hat Security Advisory 2020-1360-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2020 | 16:43 pmRed Hat Security Advisory 2020-1360-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an out of bounds access vulnerability.
Read more... -
Red Hat Security Advisory 2020-1358-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2020 | 16:43 pmRed Hat Security Advisory 2020-1358-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide[…]
Read more... -
Red Hat Security Advisory 2020-1276-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2020 | 16:42 pmRed Hat Security Advisory 2020-1276-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a memory exhaustion vulnerability.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmLanguage EnglishMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more... -
RHBA-2019:0500-1: nss-pem bug fix update
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:Updated nss-pem packages that fix one bug are now available for Red HatEnterprise Linux 7.6.
Read more... -
RHBA-2019:0499-1: resource-agents bug fix update
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:Updated resource-agents packages that fix one bug are now available for Red HatEnterprise Linux 7.
Read more... -
RHBA-2019:0498-1: rear bug fix update
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:Updated rear packages that fix several bugs are now available for Red HatEnterprise Linux 7.
Read more... -
RHBA-2019:0497-1: gnome-tweak-tool bug fix update
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:Updated gnome-tweak-tool packages that fix two bugs are now available for RedHat Enterprise Linux 7.
Read more... -
RHBA-2019:0496-1: tuned bug fix update
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:Updated tuned packages that fix two bugs are now available for Red HatEnterprise Linux 7.
Read more... -
RHBA-2019:0488-1: Red Hat Certification bug fix and enhancement update for RHEL6 and RHEL7
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:An updated redhat-certification package that fixes several bugs and adds variousenhancements is now available for Red Hat Enterprise Linux 6 and Red HatEnterprise Linux 7.
Read more... -
RHBA-2019:0484-1: dpdk bug fix update
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:Updated dpdk packages that fix one bug are now available in the Extras channelof Red Hat Enterprise Linux 7.
Read more... -
RHSA-2019:0544-1: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core onRed Hat Enterprise Linux.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score,[…]
Read more... -
RHEA-2019:0543-1: new packages: rh-jmc
Red Hat Errata Jan 1, 1970 | 00:00 amRed Hat Enterprise Linux:New rh-jmc packages are now available as a part of Red Hat Software Collections3.2 for Red Hat Enterprise Linux 7.
Read more...
-
D-Link DIR-859 Unauthenticated Remote Command Execution
CGI Files ≈ Packet Storm Jan 22, 2020 | 16:26 pmD-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Read more... -
Barco WePresent file_transfer.cgi Command Injection
CGI Files ≈ Packet Storm Jan 14, 2020 | 16:16 pmThis Metasploit module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
Read more... -
Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
CGI Files ≈ Packet Storm Sep 9, 2019 | 23:46 pmThe Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.
Read more... -
Debian Security Advisory 4507-1
CGI Files ≈ Packet Storm Aug 26, 2019 | 15:54 pmDebian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform[…]
Read more... -
Ubuntu Security Notice USN-4059-1
CGI Files ≈ Packet Storm Jul 16, 2019 | 20:09 pmUbuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS[…]
Read more... -
ABB IDAL HTTP Server Authentication Bypass
CGI Files ≈ Packet Storm Jun 21, 2019 | 20:32 pmThe IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an[…]
Read more... -
Telus Actiontec WEB6000Q Denial Of Service
CGI Files ≈ Packet Storm Jun 12, 2019 | 18:44 pmTelus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]
Read more... -
RICOH SP 4520DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 18:22 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
Read more... -
RICOH SP 4510DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 14:55 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
Read more... -
Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure
CGI Files ≈ Packet Storm Apr 27, 2019 | 17:20 pmAn exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can[…]
Read more...
snaplitics made a real revolution in the industry.
-
Debian: DSA-4655-1: firefox-esr security update
Advisories Apr 8, 2020 | 13:22 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed -
Debian: DSA-4654-1: chromium security update
Advisories Apr 8, 2020 | 00:01 am
Read more...
Several vulnerabilities have been discovered in the chromium web browser. CVE-2020-6450 -
Debian: DSA-4653-1: firefox-esr security update
Advisories Apr 4, 2020 | 11:20 am
Read more...
Two security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed -
Debian: DSA-4652-1: gnutls28 security update
Advisories Apr 4, 2020 | 10:41 am
Read more...
A flaw was reported in the DTLS protocol implementation in GnuTLS, a library implementing the TLS and SSL protocols. The DTLS client would not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol. -
Debian: DSA-4650-1: qbittorrent security update
Advisories Apr 2, 2020 | 16:49 pm
Read more...
Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name[…] -
Debian: DSA-4651-1: mediawiki security update
Advisories Apr 2, 2020 | 16:47 pm
Read more...
It was discovered that some user-generated CSS selectors in MediaWiki, a website engine for collaborative work, were not escaped. The oldstable distribution (stretch) is not affected. -
Debian: DSA-4649-1: haproxy security update
Advisories Apr 2, 2020 | 09:13 am
Read more...
Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential[…] -
Debian: DSA-4648-1: libpam-krb5 security update
Advisories Mar 31, 2020 | 13:35 pm
Read more...
Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code. -
Debian: DSA-4647-1: bluez security update
Advisories Mar 26, 2020 | 18:37 pm
Read more...
It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID[…] -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4620-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more... -
Debian Security Advisory 4623-1
Operating System: Debian ≈ Packet Storm Feb 14, 2020 | 15:25 pmDebian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.
Read more...
-
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more... -
Linux Kernel Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Jul 12, 2018 | 21:43 pmLinux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Read more... -
DHCP Client Command Injection (DynoRoot)
Operating System: Fedora ≈ Packet Storm Jun 12, 2018 | 23:58 pmThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]
Read more... -
Reliable Datagram Sockets (RDS) Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 19, 2018 | 06:48 amThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]
Read more... -
Libuser roothelper Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 13, 2018 | 21:49 pmThis Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]
Read more... -
MagniComp SysInfo mcsiwrapper Privilege Escalation
Operating System: Fedora ≈ Packet Storm Feb 20, 2018 | 14:09 pmThis Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]
Read more...
Dazu zählen z.B. Web Application Firewalls (WAF), die auch kostenlos erhältlich sind und durchaus einen sinnvollen, zusätzlichen Schutz bieten können. Zumindest kann sogenannten 'Script-Kiddies' der Spass deutlich erschwert werden.
-
[20200301] - Core - CSRF in com_templates image actions
Security Announcements Mar 10, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.2.0-3.9.15Exploit type: CSRFReported Date: 2020-February-06Fixed Date: 2020-March-10CVE Number: CVE-2020-10241DescriptionMissing token checks in the image actions of com_templates causes CSRF vulnerabilities.Affected InstallsJoomla! CMS versions 3.2.0 - 3.9.15SolutionUpgrade to version 3.9.16ContactThe JSST at the Joomla! Security Centre.Reported[…]
Read more... -
[20200302] - Core - XSS in Protostar and Beez3
Security Announcements Mar 10, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0-3.9.15Exploit type: XSSReported Date: 2020-February-24Fixed Date: 2020-March-10CVE Number: CVE-2020-10242DescriptionInadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allow XSS attacks.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.15SolutionUpgrade to version 3.9.16ContactThe JSST at the Joomla![…]
Read more... -
[20200303] - Core - Incorrect Access Control in com_templates
Security Announcements Mar 10, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 2.5.0-3.9.15Exploit type: Incorrect Access ControlReported Date: 2020-January-31Fixed Date: 2020-March-10CVE Number: CVE-2020-10238DescriptionVarious actions in com_templates lack the required ACL checks, leading to various potential attack vectors.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.15SolutionUpgrade to version 3.9.16ContactThe JSST[…]
Read more... -
[20200305] - Core - Incorrect Access Control in com_fields SQL field
Security Announcements Mar 10, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.7.0-3.9.15Exploit type: Incorrect Access ControlReported Date: 2020-February-28Fixed Date: 2020-March-10CVE Number: CVE-2020-10239DescriptionIncorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.Affected InstallsJoomla! CMS versions 3.7.0 - 3.9.15SolutionUpgrade to version 3.9.16ContactThe JSST at[…]
Read more... -
[20200304] - Core - Identifier collisions in com_users
Security Announcements Mar 10, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.0.0-3.9.15Exploit type: OtherReported Date: 2020-February-07Fixed Date: 2020-March-10CVE Number: CVE-2020-10240DescriptionMissing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.15SolutionUpgrade to[…]
Read more... -
[20200306] - Core - SQL injection in Featured Articles menu parameters
Security Announcements Mar 10, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 1.7.0-3.9.15Exploit type: SQL InjectionReported Date: 2020-March-9Fixed Date: 2020-March-10CVE Number: CVE-2020-10243DescriptionThe lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.Affected InstallsJoomla! CMS versions[…]
Read more... -
Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS
Blog - JoomlaWorks Feb 12, 2020 | 09:58 am
Read more...
I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…] -
Simple Image Gallery (free) v4.1.0 released
Blog - JoomlaWorks Jan 28, 2020 | 18:30 pm
Read more...
Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0:Allow the plugin to accept WEBP images as source images[…] -
[20200101] - Core - CSRF in batch actions
Security Announcements Jan 28, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.0.0-3.9.14Exploit type: CSRFReported Date: 2019-December-23Fixed Date: 2020-January-28CVE Number: CVE-2020-8419DescriptionMissing token checks in the batch actions of various components causes CSRF vulnerabilities.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.14SolutionUpgrade to version 3.9.15ContactThe JSST at the Joomla! Security[…]
Read more... -
[20200102] - Core - CSRF com_templates LESS compiler
Security Announcements Jan 28, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.0.0-3.9.14Exploit type: CSRFReported Date: 2019-December-18Fixed Date: 2020-January-28CVE Number: CVE-2020-8420DescriptionA missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.14SolutionUpgrade to version 3.9.15ContactThe JSST at the[…]
Read more... -
[20200103] - Core - XSS in com_actionlogs
Security Announcements Jan 28, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 3.9.0-3.9.14Exploit type: XSSReported Date: 2019-December-25Fixed Date: 2020-January-28CVE Number: CVE-2020-8421DescriptionInadequate escaping of usernames allow XSS attacks in com_actionlogs.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.14SolutionUpgrade to version 3.9.15ContactThe JSST at the Joomla! Security Centre.Reported By: Mayank Kumbhar[…]
Read more... -
AllVideos v6.0.0 released - now Joomla 4 compatible!
Blog - JoomlaWorks Jan 17, 2020 | 17:26 pm
Read more...
Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…] -
Simple Image Gallery (free) v4.0.0 released - now Joomla 4 compatible!
Blog - JoomlaWorks Jan 11, 2020 | 18:13 pm
Read more...
Simple Image Gallery (free) version 4.0.0 is now available to download. This marks our first extension update that supports the upcoming Joomla version 4 (currently in "beta").Here's what's been added or changed in Simple Image Gallery (free) with the release[…] -
RadioWave v1.2.0 released
Blog - JoomlaWorks Jan 8, 2020 | 19:37 pm
Read more...
RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…] -
SocialConnect v1.10.0 released
Blog - JoomlaWorks Jan 7, 2020 | 16:12 pm
Read more...
SocialConnect v1.10.0 is now available to download for subscribers. This new release improves compatibility with recent API changes in Facebook and LinkedIn.Here's what's been added or changed in SocialConnect with the release of v1.10.0:Facebook authorization in SocialConnect's settings will now[…] -
AllVideos v5.2.0 released
Blog - JoomlaWorks Dec 20, 2019 | 18:43 pm
Read more...
Version 5.2.0 of AllVideos is now available. This is a bugfix release and it also improves compatibility with PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Improves PHP 7.4 compatibility.Fixes the "loop" control for HTML5 media[…] -
[20191202] - Core - Various SQL injections through configuration parameters
Security Announcements Dec 16, 2019 | 13:00 pmProject: Joomla!SubProject: CMSImpact: HighSeverity: LowVersions: 2.5.0 - 3.9.13Exploit type: SQL injectionReported Date: 2019-December-01Fixed Date: 2019-December-17CVE Number: CVE-2019-19846DescriptionThe lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.13SolutionUpgrade to version 3.9.14ContactThe JSST[…]
Read more... -
K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!
blog Dec 11, 2019 | 22:02 pm
Read more...
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…] -
Retiring the K2 templates section
blog Dec 8, 2019 | 16:05 pm
Read more...
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…] -
Simple Image Gallery Pro v3.7.0 released
Blog - JoomlaWorks Dec 2, 2019 | 13:47 pm
Read more...
Simple Image Gallery Pro v3.7.0 is now available to download for subscribers. This new release introduces 2 additional popup engines (modals) and improves compatibility with K2 v2.10.x.Here's what's been added or changed in Simple Image Gallery Pro with the release of[…] -
K2 v2.10.1 released
blog Nov 26, 2019 | 18:17 pm
Read more...
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…] -
K2 v2.10.0 released
blog Nov 15, 2019 | 01:04 am
Read more...
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…] -
AllVideos v5.1.0 released - now with Twitch support
Blog - JoomlaWorks Sep 5, 2019 | 12:23 pm
Read more...
Version 5.1.0 of AllVideos is now available, adding support for Twitch and fixing a couple of bugs introduced in v5.0.0.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports Twitch as a 3rd party video provider. You[…] -
AllVideos v5.0.0 released - now with web-native media playback
Blog - JoomlaWorks Jul 31, 2019 | 15:25 pm
Read more...
We have just released a major update to AllVideos, version 5.0.0, for Joomla versions 1.5 to 3.x.It introduces web-native media playback with no 3rd party dependencies.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports web-native media only (for[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 16:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
Rapicode, Multiple Extensions, Back Door
Live VEL Mar 30, 2018 | 18:30 pmRapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]
Read more... -
Google Map Landkarten,4.2.3,SQL Injection
Live VEL Mar 15, 2018 | 22:48 pmGoogle Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection
Read more... -
Fastball, SQL Injection
Live VEL Mar 8, 2018 | 17:25 pmFastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection
Read more... -
File Download Tracker,3.0,SQL Injection
Live VEL Mar 8, 2018 | 05:41 amFile Download Tracker by techsolsystem.com, 3.0, SQL Injection
Read more... -
SquadManagement,1.0.3,SQL Injection
Live VEL Mar 7, 2018 | 17:04 pmSquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection
Read more... -
JMS Music,1.1.1,SQL Injection
Live VEL Mar 5, 2018 | 16:08 pmJMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection
Read more... -
JS Autoz ,1.0.9,SQL Injection
Live VEL Mar 3, 2018 | 19:14 pmJS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection
Read more... -
Realpin,1.5.04,SQL Injection
Live VEL Mar 1, 2018 | 18:07 pmRealpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection
Read more... -
Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection
Live VEL Feb 28, 2018 | 18:37 pmJoomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities
Read more... -
K2 v2.8.0 released
blog Aug 18, 2017 | 12:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 01:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Mar 29, 2016 | 13:34 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 05:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…] -
K2 Next to be presented in JoomlaDay Brasil 2015
blog Aug 31, 2015 | 16:14 pm
Read more...
(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…] -
Video course on K2 for Joomla 3
blog Mar 10, 2015 | 17:59 pm
Read more...
Hi everyone. I'm Antonio Mercurio from Italy. I'm passioned about opensource software such as Joomla, Drupal, Wordpress and many others. I made a video course on K2 for Joomla 3 in Italian on the Udemy platform. The video course is[…] -
SocialConnect
Updated Extensions - JoomlaWorks Jan 23, 2013 | 14:06 pm
Read more...
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration.FeaturesLet your users register to your website[…] -
K2
Updated Extensions - JoomlaWorks Nov 5, 2012 | 22:00 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Jul 25, 2012 | 21:00 pm
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…] -
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
NEW VERSION 3.7.0 released in December 2019!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
AllVideos
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…] -
hwdplayer,4.2,SQL Injection
Live VEL Dec 3, 2001 | 06:00 amhwdplayer,4.2,SQL InjectionPossible abandonware also
Read more...
-
CVE-2019-13617
Latest security vulnerabilities Nginx products Jul 16, 2019 | 00:00 amnjs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. (CVSS:4.3) (Last Update:2019-07-18)
Read more... -
CVE-2019-13067
Latest security vulnerabilities Nginx products Jun 29, 2019 | 00:00 amnjs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. (CVSS:7.5) (Last Update:2019-07-05)
Read more... -
CVE-2019-12206
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)
Read more... -
CVE-2019-12207
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. (CVSS:7.5) (Last Update:2019-05-20)
Read more... -
CVE-2019-12208
Latest security vulnerabilities Nginx products May 20, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. (CVSS:7.5) (Last Update:2019-05-20)
Read more... -
CVE-2019-11837
Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. (CVSS:5.0) (Last Update:2019-05-09)
Read more... -
CVE-2019-11838
Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-09)
Read more... -
CVE-2019-11839
Latest security vulnerabilities Nginx products May 9, 2019 | 00:00 amnjs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. (CVSS:7.5) (Last Update:2019-05-10)
Read more... -
CVE-2018-16844
Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 amnginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen'[…]
Read more... -
CVE-2018-16845
Latest security vulnerabilities Nginx products Nov 7, 2018 | 00:00 amnginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a[…]
Read more...
-
Security update for rubygem-actionview-4_2 954
Novell Patches: - All SUSE Products - Apr 8, 2020 | 06:00 amAbstract: Moderate: Security update for rubygem-actionview-4_2Patch: SUSE-OpenStack-Cloud-7-2020-954 CVEs:CVE-2020-5267 Bugs:1167240Applies to:Package(s): ruby2.1-rubygem-actionview-4_2Product(s):SUSE OpenStack Cloud 7Downloads: SUSE OpenStack Cloud 7 for x86-64
Read more... -
Security update for vino 955
Novell Patches: - All SUSE Products - Apr 8, 2020 | 06:00 amAbstract: Moderate: Security update for vinoPatch: SUSE-SLE-SERVER-12-SP4-2020-955 CVEs:CVE-2019-15681 Bugs:1155419Applies to:Package(s): vino vino-langProduct(s):SUSE Linux Enterprise Server 12 SP4Downloads: SUSE Linux Enterprise Server 12 SP5 for x86-64SUSE Linux Enterprise Server 12 SP5 for s390xSUSE Linux Enterprise Server 12 SP5 for ppc64leSUSE Linux[…]
Read more... -
Security update for gmp, gnutls, libnettle 948
Novell Patches: - All SUSE Products - Apr 8, 2020 | 06:00 amAbstract: Moderate: Security update for gmp, gnutls, libnettlePatch: SUSE-SLE-Product-SLES_SAP-15-2020-948 CVEs:CVE-2020-11501 Bugs:1152692, 1166881, 1155327, 1168345Applies to:Package(s): gmp-devel gnutls libgmp10 libgmpxx4 libgnutls-devel libgnutls30 libgnutls30-hmac libgnutlsxx-devel libgnutlsxx28 libhogweed4 libnettle-devel libnettle6Product(s):SUSE Linux Enterprise Server for SAP Applications 15Downloads: SUSE Linux Enterprise Server 15 SP1[…]
Read more... -
Security update for wireshark 693
Novell Patches: - All SUSE Products - Apr 8, 2020 | 06:00 amAbstract: Moderate: Security update for wiresharkPatch: SUSE-SLE-Product-SLES_SAP-15-2020-693 CVEs:CVE-2018-19626, CVE-2019-10898, CVE-2018-14340, CVE-2018-11359, CVE-2019-5721, CVE-2018-14344, CVE-2018-14341, CVE-2018-11358, CVE-2018-19627, CVE-2020-7044, CVE-2018-18225, CVE-2019-9208, CVE-2019-5719, CVE-2018-11360, CVE-2018-11355, CVE-2018-14342, CVE-2019-10902, CVE-2018-14339, CVE-2019-5718, CVE-2018-19625, CVE-2018-14368, CVE-2019-10901, CVE-2018-16056, CVE-2020-9431, CVE-2018-11357, CVE-2019-10896, CVE-2019-19553, CVE-2018-11354, CVE-2018-19623, CVE-2019-10899, CVE-2019-9214, CVE-2018-14343, CVE-2018-19622,[…]
Read more... -
Security update for mgetty 957
Novell Patches: - All SUSE Products - Apr 8, 2020 | 06:00 amAbstract: Moderate: Security update for mgettyPatch: SUSE-SLE-Module-Basesystem-15-SP1-2020-957 CVEs:CVE-2019-1010190 Bugs:1142770, 1168170Applies to:Package(s): g3utils mgettyProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for s390xSUSE Linux Enterprise Server 15 SP1 for ppc64leSUSE[…]
Read more... -
Security update for python-PyYAML 959
Novell Patches: - All SUSE Products - Apr 8, 2020 | 06:00 amAbstract: Important: Security update for python-PyYAMLPatch: SUSE-SLE-Module-Python2-15-SP1-2020-959 CVEs:CVE-2020-1747 Bugs:1165439Applies to:Package(s): python2-PyYAMLProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for s390xSUSE Linux Enterprise[…]
Read more... -
Security update for ceph 962
Novell Patches: - All SUSE Products - Apr 8, 2020 | 06:00 amAbstract: Important: Security update for cephPatch: SUSE-SLE-SDK-12-SP4-2020-962 CVEs:CVE-2020-1760 Bugs:1166484Applies to:Package(s): libcephfs-devel librados-devel librbd-develProduct(s):SUSE Linux Enterprise Software Development Kit 12 SP4Downloads: SUSE Enterprise Storage 5 for x86-64SUSE Linux Enterprise Server 12 SP5 for x86-64SUSE Linux Enterprise Server 12 SP5 for s390xSUSE[…]
Read more... -
Security update for ceph 930
Novell Patches: - All SUSE Products - Apr 7, 2020 | 06:00 amAbstract: Important: Security update for cephPatch: SUSE-SLE-Module-Basesystem-15-SP1-2020-930 CVEs:CVE-2020-1759, CVE-2020-1760 Bugs:1166484, 1166403Applies to:Package(s): ceph-common libcephfs-devel libcephfs2 librados-devel librados2 libradospp-devel librbd-devel librbd1 librgw-devel librgw2 python3-ceph-argparse python3-cephfs python3-rados python3-rbd python3-rgw rados-objclass-develProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Enterprise Storage 6 for x86-64SUSE Linux[…]
Read more... -
Security update for MozillaFirefox 929
Novell Patches: - All SUSE Products - Apr 7, 2020 | 06:00 amAbstract: Important: Security update for MozillaFirefoxPatch: SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-929 CVEs:CVE-2020-6819, CVE-2020-6820 Bugs:1168630Applies to:Package(s): MozillaFirefox MozillaFirefox-devel MozillaFirefox-translations-common MozillaFirefox-translations-otherProduct(s):SUSE Linux Enterprise Server 15 SP1Downloads: SUSE Linux Enterprise Desktop 15 SP1 for x86-64SUSE Linux Enterprise Server 15 SP1 for s390xSUSE Linux Enterprise Server 15 SP1[…]
Read more... -
Security update for MozillaFirefox 14337
Novell Patches: - All SUSE Products - Apr 7, 2020 | 06:00 amAbstract: Important: Security update for MozillaFirefoxPatch: slessp4-MozillaFirefox-14337 CVEs:CVE-2020-6820, CVE-2020-6819 Bugs:1168630Applies to:Package(s): MozillaFirefox MozillaFirefox-translations-common MozillaFirefox-translations-otherProduct(s):SUSE Linux Enterprise Server 11 SP4 LTSSDownloads: SUSE Linux Enterprise Server 11 SP4 LTSS for x86-64
Read more...