3667 matches found

Exploit DB
added 2024/05/31 12:0 a.m., 238 views

iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...

7.4 AI score
Exploits: 0

Fedora
added 2024/05/29 3:37 a.m., 18 views

[SECURITY] Fedora 40 Update: qt6-qt5compat-6.7.1-1.fc40

Qt6 - Qt 5 Compatibility Libraries...

9.8 CVSS, 6.3 AI score, 0.0097 EPSS
Exploits: 0

Tenable Nessus
added 2024/05/28 12:0 a.m., 125 views

Oracle Linux 8 : openssh (ELSA-2024-3166)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3166 advisory. - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870 Tenable has extracted the preceding description block directly from the Oracl...

7.8 CVSS, 7.3 AI score, 0.12996 EPSS
Exploits: 6, References: 2

Tenable Nessus
added 2024/05/27 12:0 a.m., 8 views

Fedora 39 : nextcloud (2024-80aa2e0e55)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-80aa2e0e55 advisory. Update nextcloud to 28.0.5 and PR 11 PR 11 Many issues fixed by aviram: - Better HTTPS handling in Apache configs - Better cron job compatibility with APC -...

5.6 AI score
Exploits: 0, References: 1

OSV
added 2024/05/24 3:39 p.m., 4 views

SUSE-SU-2024:1777-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: PostgreSQL upgrade to version 15.7 bsc#1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc#1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

4.3 CVSS, 6.8 AI score, 0.00722 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2024/05/24 3:35 a.m., 3 views

SUSE CVE-2021-47364

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist(). compat_insnlist() handles the 32-bit version of the COMEDI_INSNLIST ioctl when CONFIG_COMPAT is enabled. It allocates memory to temporarily hold an array of struct comedi_insn converted fro...

3.6 CVSS, 6.4 AI score, 0.00239 EPSS
Exploits: 0, References: 8

OSV
added 2024/05/23 11:46 a.m., 3 views

SUSE-SU-2024:1768-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: PostgreSQL upgrade to version 14.12 bsc#1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc#1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 1...

4.3 CVSS, 6.8 AI score, 0.00722 EPSS
Exploits: 0, References: 4

Oracle linux
added 2024/05/23 12:0 a.m., 387 views

libXpm security update

3.5.12-11 - Drop hardening patches from previous version to keep ABI compatibility 3.5.12-10 - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage - CVE-2023-43787 libX11: integer overflow in XCreateImage leading to a heap overflow - CVE-2023-43788 libXpm: out of bounds...

5.5 CVSS, 6.9 AI score, 0.00461 EPSS
Exploits: 1

Oracle linux
added 2024/05/23 12:0 a.m., 538 views

openssh security update

8.0p1-24.0.1 - Update upstream references Orabug: 36587718 8.0p1-24 - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870 8.0p1-23 - Fix Terrapin attack Resolves: RHEL-19308 8.0p1-22 - Fix Terrapin attack Resolves: RHEL-19308 - Forbid shell metasymbols in...

7.8 CVSS, 6.9 AI score, 0.12996 EPSS
Exploits: 6

OSV
added 2024/05/21 4:15 p.m., 1 views

DEBIAN-CVE-2023-52750

In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer. Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly byte-swap NOP when compiling for big-endian, and the resulting series of bytes happened to match...

5.5 CVSS, 5.3 AI score, 0.0024 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2024/05/21 4:15 p.m., 14 views

CVE-2023-52746

In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr(). int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla)...

2.5 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits: 0, References: 6

OSV
added 2024/05/21 3:15 p.m., 3 views

DEBIAN-CVE-2021-47364

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist(). compat_insnlist() handles the 32-bit version of the COMEDI_INSNLIST ioctl when CONFIG_COMPAT is enabled. It allocates memory to temporarily hold an array of struct comedi_insn converted fro...

5.5 CVSS, 5.1 AI score, 0.00239 EPSS
Exploits: 0, References: 1

Debian CVE
added 2024/05/21 3:3 p.m., 16 views

CVE-2021-47364

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist(). compat_insnlist() handles the 32-bit version of the COMEDI_INSNLIST ioctl when CONFIG_COMPAT is enabled. It allocates memory to temporarily hold an array of struct comedi_insn converted fro...

5.5 CVSS, 6.4 AI score, 0.00239 EPSS
Exploits: 0

SUSE CVE
added 2024/05/21 1:58 a.m., 1 views

SUSE CVE-2024-36004

In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue. Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be...

5.5 CVSS, 6.2 AI score, 0.00248 EPSS
Exploits: 0, References: 16

CNNVD
added 2024/05/21 12:0 a.m., 0 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a vulnerability in the xfrm/compat module...

2.5 CVSS, 6.1 AI score, 0.00243 EPSS
Exploits: 0, References: 5

OSV
added 2024/05/20 6:9 p.m., 5 views

SUSE-SU-2024:1703-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: PostgreSQL upgrade to version 14.12 bsc#1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc#1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 1...

4.3 CVSS, 6.8 AI score, 0.00722 EPSS
Exploits: 0, References: 4

Citrix
added 2024/05/17 12:0 a.m., 8 views

Policy data may be lost when a CVAD site is upgraded from a previous version to 2402

Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools It's recommended that this tool be run prior to the upgrade to validate Policy compatibility. Pre-Upgrade Steps: Version CVAD 2402 Ensure...

7.3 AI score
Exploits: 0

GitHub Security Blog
added 2024/05/15 8:14 p.m., 9 views

Doctrine SQL injection vulnerability

Doctrine is prone to SQL injection vulnerability. Users of Doctrine 1.2 and 2 should update to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2. Affected versions are: - 1.2.3 and...

8.1 AI score
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/05/15 8:14 p.m., 14 views

GHSA-6Q9V-4HQ6-5M67 Doctrine SQL injection vulnerability

Doctrine is prone to SQL injection vulnerability. Users of Doctrine 1.2 and 2 should update to the newly released versions of both libraries immediately. Both versions only include the security fix and no other changes to their previous versions 1.2.3 and 2.0.2. Affected versions are: - 1.2.3 and...

8.1 AI score
Exploits: 0, References: 3

OSV
added 2024/05/15 7:18 a.m., 4 views

SUSE-SU-2024:1653-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: PostgreSQL upgrade to version 15.7 bsc#1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc#1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

4.3 CVSS, 4.7 AI score, 0.00722 EPSS
Exploits: 0, References: 4