19 matches found
NewStart CGSL CORE 5.05 / MAIN 5.05 : cups Multiple Vulnerabilities (NS-SA-2021-0161)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has cups packages installed that are affected by multiple vulnerabilities: - A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP...
CVE-2019-8656
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount tha...
CVE-2019-8539
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges...
CVE-2019-8656
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount tha...
cups: stack-buffer-overflow in libcups's asn1_get_type function
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code...
cups: stack-buffer-overflow in libcups's asn1_get_type function
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code...
CVE-2019-8675
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code...
About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra This document describes the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. About Apple security updates For o...
EZSA-2019-004 CSRF token in login form is disabled by default
More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-004-csrf-token-in-login-form-is-disabled-by-default...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006
The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue, , .... If an unsanitized source object...
Fedora 28 : drupal8 (2019-79bd99f9a8)
https://www.drupal.org/project/drupal/releases/8.6.13 - https://www.drupal.org/SA-CORE-2019-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Fedora 28 : drupal7 (2019-2fbce03df3)
https://www.drupal.org/project/drupal/releases/7.65 - https://www.drupal.org/SA-CORE-2019-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Fedora 29 : drupal7 (2019-35589cfcb5)
https://www.drupal.org/project/drupal/releases/7.65 - https://www.drupal.org/SA-CORE-2019-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: XSS always requires extra effort in a pentest, it depends on the actual app...
Drupal XSS Vulnerability (SA-CORE-2019-004) - Windows
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Drupal XSS Vulnerability (SA-CORE-2019-004) - Linux
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
DRUPAL-CORE-2019-004
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
Moderately critical - Cross Site Scripting - SA-CORE-2019-004
More info at https://www.drupal.org/SA-CORE-2019-004...