Lucene search

3673 matches found

Microsoft KB
added 2021/08/10 7:0 a.m., 41 views

Cumulative Update 43 for Microsoft Dynamics NAV 2018 (Build 47562)

None None...

CVSS 5.4, AI score 6.4, EPSS 0.0095
Exploits: 0

Microsoft KB
added 2021/08/10 7:0 a.m., 82 views

Cumulative Update 56 for Microsoft Dynamics NAV 2017 (Build 30601)

None None...

CVSS 5.4, AI score 6.4, EPSS 0.0095
Exploits: 0

Oracle linux
added 2021/08/06 12:0 a.m., 76 views

olcne security update

olcne 1.3.1-5 - Updated registry-image-helper.sh to work with olcne-utils 1.3.1-4 - Fix istio template for 1.9.6 and 1.10.2 for k8s update failure 1.3.1-3 - Added ENDVERSIONBLOCK for OLM image 1.3.1-2 - Fix iptables issue when running on OL7 host using OL8 image for 1.19.8 - Fix iptables issue wh...

CVSS 9.8, AI score 0.2, EPSS 0.0204
Exploits: 3

Fedora
added 2021/08/02 1:7 a.m., 37 views

[SECURITY] Fedora 33 Update: python2-pillow-6.2.2-6.fc33

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. This is a minimal compatibility package for https://pagure.io/fesco/issue/2266...

CVSS 9.8, AI score 9.8, EPSS 0.03162
Exploits: 0

IBM Security Bulletins
added 2021/07/30 9:10 p.m., 29 views

Security Bulletin: October 2020 Patch Update for Java

Summary The October 2020 update to Java contains fixes for a number of potential vulnerabilities. Refer to the Details section for additional information. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allo...

CVSS 4.3, AI score 2.3, EPSS 0.02245
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2021/07/30 9:10 p.m., 50 views

Security Bulletin: Potential vulnerability with Node.js lodash module

Summary A potential vulnerability has been identified related to Node.js lodash module. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servic...

CVSS 5.3, AI score 2, EPSS 0.07336
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2021/07/30 9:9 p.m., 23 views

Security Bulletin: Apache Commons

Summary A potential vulnerability has been identified related to Apache Commons. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input...

CVSS 5.8, AI score 1.9, EPSS 0.10608
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2021/07/29 12:0 a.m., 26 views

AD Starter Scan - Null sessions

Binary data adsinullsession.nbin...

AI score 7.3
Exploits: 0, References: 4

Cvelist
added 2021/07/20 10:43 p.m., 23 views

CVE-2021-2352

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS 4.9, AI score 5, EPSS 0.02831
Exploits: 0, References: 4

Fedora
added 2021/07/16 1:6 a.m., 39 views

[SECURITY] Fedora 33 Update: linuxptp-3.1.1-1.fc33

This software is an implementation of the Precision Time Protocol PTP according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces API offered by the Linux kerne...

CVSS 8.8, AI score 7.9, EPSS 0.02955
Exploits: 0

IBM Security Bulletins
added 2021/07/15 3:30 a.m., 26 views

Security Bulletin: Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258)

Summary There is a Dojo vulnerability in WebSphere Liberty used by Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype...

CVSS 7.7, AI score 1, EPSS 0.04023
Exploits: 1, Affected Software: 1

Microsoft KB
added 2021/07/13 7:0 a.m., 38 views

Update 16.14 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.14.27266, Platform Build 16.0.27253)

None None...

CVSS 8, AI score 7.1, EPSS 0.01858
Exploits: 0

OSV
added 2021/07/12 6:27 a.m., 1 view

SUSE-SU-2021:2295-1 Security update for slurm_20_11

This update for slurm2011 fixes the following issues: Updated to 20.11.7 Summary of new features: CVE-2021-31215: Fixed a remote code execution as SlurmUser bsc1186024. slurmd - handle configless failures gracefully instead of hanging indefinitely. select/constres - fix Dragonfly topology not...

CVSS 8.8, AI score 9.1, EPSS 0.02902
Exploits: 0, References: 5

OSV
added 2021/07/11 12:54 p.m., 4 views

OPENSUSE-SU-2021:1819-1 Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly

This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 bsc1181255: - delay creation of threadpools - bin: Fix deep-element-removed log message - buffer: fix meta...

CVSS 9.8, AI score 9.8, EPSS 0.02377
Exploits: 0, References: 3

OSV
added 2021/07/10 6:57 p.m., 8 views

OPENSUSE-SU-2021:1755-1 Security update for libu2f-host

This update for libu2f-host fixes the following issues: This update ships the u2f-host package jscECO-3687 bsc1184648 Version 1.1.10 released 2019-05-15 - Add new devices to udev rules. - Fix a potentially uninitialized buffer CVE-2019-9578, bsc1128140 Version 1.1.9 released 2019-03-06 - Fix CID...

CVSS 7.5, AI score 7.5, EPSS 0.02296
Exploits: 0, References: 6

OPENSUSE Linux
added 2021/07/10 12:0 a.m., 33 views

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:2003-1 Rating: important References: 1186696 Cross-References: CVE-2021-29964 CVE-2021-29967 Affected Products: openSUSE Leap 15.3 An update that fixes two vulnerabilities is now available...

CVSS 8.8, AI score 9.4, EPSS 0.01368
Exploits: 0, References: 1

Huntr
added 2021/07/06 8:6 a.m., 6 views

Open Redirect in medialize/uri.js

✍️ Description urijs mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. 🕵️‍♂️ Proof of Concept 1. Create the following PoC file:...

CVSS 5.8, EPSS 0.02483
Exploits: 2, References: 1

Huntr
added 2021/07/06 7:53 a.m., 18 views

Open Redirect in unshiftio/url-parse

✍️ Description url-parse mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. Similar attacks:...

CVSS 5, AI score 5.5, EPSS 0.01964
Exploits: 2, References: 1

OSV
added 2021/07/01 5:2 p.m., 17 views

GHSA-2CC5-23R7-VC4V Ratpack's default client side session signing key is highly predictable

Impact The client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is not on by default, the session data could be tampered with by someone with...

CVSS 4.4, AI score 4.5, EPSS 0.00262
Exploits: 0, References: 4

Prion
added 2021/06/29 7:15 p.m., 12 views

Default configuration

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

CVSS 3.5, AI score 4, EPSS 0.00262
Exploits: 0, References: 2, Affected Software: 1