RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.16 update on RHEL 7 (Moderate) (RHSA-2017:1548)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1548 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
RHEL 7 : Red Hat Ceph Storage 1.3.3 (RHSA-2016:1972)
Red Hat Ceph Storage 1.3.3 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...
XSS in the import dialog
Announcement-ID: PMASA-2018-5. Date: 2018-08-21. Summary: XSS in the import dialog. Description: A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file. Severity: We consider th...
RHEL 7 : mariadb (RHSA-2018:2439)
An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Moderate Photon OS Security Update - PHSA-2018-0176
Updates of 'glibc' packages of Photon OS have been released...
Moderate severity vulnerability that affects rack-mini-profiler
Withdrawn, accidental duplicate publish. The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks...
Security update for libsoup (moderate)
This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc1052916). Bug fixes: - bsc1086036:...
CentOS 6 : java-1.7.0-openjdk (CESA-2018:2283)
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 6 : java-1.7.0-openjdk (RHSA-2018:2283)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2283 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fixes:...
RHEL 7 : xmlrpc (RHSA-2018:2317)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2317 advisory. XML-RPC is a way to make remote procedure calls over the Internet. It converts procedure calls into XML documents, sends them to a remote server usin...
Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2018-2286)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2286 advisory. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2018-2283)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2283 advisory. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 7 : Red Hat Virtualization (RHSA-2018:2321)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2321 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,...
RHEL 7 : java-1.7.0-openjdk (RHSA-2018:2286)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2286 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fixes:...
Moderate: Red Hat Security Advisory: java-1.7.0-openjdk security update
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CentOS 6 : java-1.8.0-openjdk (CESA-2018:2241)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
GHSA-HJF3-R7GW-9RWG feedparser denial of service vulnerability
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document...
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-2242)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2242 advisory. 1:1.8.0.181-7.b13 - Update to aarch64-jdk8u181-b13 and aarch64-shenandoah-jdk8u181-b13. - Remove 8187577/PR3578 now applied upstream. - Resolves: rhbz1594249...
GHSA-2QX8-589J-GCPX Plone and plone.app.users allow remote authenticated users to modify the properties of arbitrary accounts
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...
GHSA-X88J-93VC-WPMP Session manipulation in Django
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...