3791 matches found
[SECURITY] Fedora 29 Update: pango-1.42.4-3.fc29
Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango can be used anywhere that text layout is nee ded, though most of the work on Pango so far has been done in the context of the GTK+ widget toolkit. Pango forms the core of text and font handlin...
[SECURITY] Fedora 30 Update: pango-1.43.0-4.fc30
Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango can be used anywhere that text layout is nee ded, though most of the work on Pango so far has been done in the context of the GTK+ widget toolkit. Pango forms the core of text and font handlin...
Fedora Update for pango FEDORA-2019-547be4a683
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Remote Code Execution (RCE)
magento/community-edition is vulnerable to remote code execution RCE. The vulnerability exists as a user with admin privileges to layouts can execute code through a XML layout update...
kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service DoS, or possibly have unspecified other impa...
kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
An issue was discovered in the fdlockedioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location ...
CVE-2019-7942
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates...
CVE-2019-7896
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates...
Remote code execution
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...
CVE-2019-7896
CVE-2019-7896 affects Magento versions prior to 2.1.18 (2.1.x), 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2. The flaw allows an authenticated administrator with access to layouts to execute arbitrary code via a combination of product import, a crafted CSV file, and an XML layout update, resulting ...
CVE-2019-7895
Summary: Magento 2.x versions are affected by a remote code execution vulnerability via a crafted XML layout update. Affected versions: 2.1 before 2.1.18, 2.2 before 2.2.9, 2.3 before 2.3.2. Prerequisite to exploit: an authenticated user with admin privileges to layouts. Impact: arbitrary code ex...
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout...
CVE-2019-7876
CVE-2019-7876 is a remote code execution vulnerability in Magento 2.x prior to certain patch levels: 2.1.x < 2.1.18, 2.2.x < 2.2.9, and 2.3.x
Clop Ransomware
ARCHIVED STORY Clop Ransomware Alexandre Mundo · AUG 01, 2019 This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There a...
USN-4081-1: Pango vulnerability
It was discovered that Pango incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...