2896 matches found

OSV
added 2018/07/23 7:51 p.m. | 28 views

GHSA-7WPH-FC4W-WQP2 Improper date handling in Django

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that...

CVSS 8.7 | AI score 6.2 | EPSS 0.04746
Exploits: 0 | References: 22

OSV
added 2018/07/23 7:51 p.m. | 25 views

GHSA-H95J-H2RV-QRG4 Django Cross-Site Request Forgery vulnerability

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

CVSS 8.7 | AI score 6.4 | EPSS 0.00345
Exploits: 0 | References: 12

OSV
added 2018/07/23 7:51 p.m. | 34 views

GHSA-5J2H-H5HG-3WF8 Cross-site request forgery in Django

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS 8.2 | AI score 6.4 | EPSS 0.0275
Exploits: 1 | References: 25

OSV
added 2018/07/23 7:51 p.m. | 16 views

GHSA-3QPR-7RMG-73V8 Plone and Zope2 affected by Race Condition

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

CVSS 8.7 | AI score 6.3 | EPSS 0.00276
Exploits: 0 | References: 9

GitHub Security Blog
added 2018/07/23 7:50 p.m. | 22 views

Moderate severity vulnerability that affects Products.PlonePAS

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors...

CVSS 6 | AI score 4.8 | EPSS 0.00464
Exploits: 0 | References: 8 | Affected Software: 1

Tenable Nessus
added 2018/07/18 12:0 a.m. | 278 views

RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2177 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...

CVSS 8.1 | AI score 7 | EPSS 0.01038
Exploits: 0 | References: 29

OPENSUSE Linux
added 2018/07/14 12:9 a.m. | 64 views

Security update for tiff (moderate)

This update for tiff fixes the following security issues: These security issues were fixed: - CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.c TIFFPrintDirectory function that could have led to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the...

CVSS 6.8 | AI score 1.4 | EPSS 0.00689
Exploits: 4 | References: 5

OPENSUSE Linux
added 2018/07/11 9:7 p.m. | 67 views

Security update for nextcloud (moderate)

This update for nextcloud fixes the following issues: Security issues fixed: - CVE-2018-3761: Fix improper authentication on the OAuth2 token endpoint (bsc#1100344). - CVE-2018-3762: Fix improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it...

AI score 2.1 | EPSS 0.00596
Exploits: 0 | References: 2

Tenable Nessus
added 2018/07/05 12:0 a.m. | 66 views

Oracle Linux 7 : python (ELSA-2018-2123)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2123 advisory. 2.7.5-69.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 sweet32. Resolves: rhbz158454...

CVSS 7.5 | AI score 7 | EPSS 0.40993
Exploits: 7 | References: 2

Tenable Nessus
added 2018/06/27 12:0 a.m. | 33 views

Oracle Linux 6 : sssd / and / ding-libs (ELSA-2018-1877)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1877 advisory. - Resolves: rhbz1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database rhel-6.10 Tenable has extracted the preceding descriptio...

CVSS 8.8 | AI score 6.5 | EPSS 0.00447
Exploits: 0 | References: 2

Tenable Nessus
added 2018/06/22 12:0 a.m. | 42 views

CentOS 6 : ding-libs / sssd (CESA-2018:1877)

An update for sssd and ding-libs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 | AI score 6.7 | EPSS 0.00447
Exploits: 0 | References: 3

Tenable Nessus
added 2018/06/22 12:0 a.m. | 66 views

CentOS 6 : glibc (CESA-2018:1879)

An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 7.5 | EPSS 0.00218
Exploits: 0 | References: 3

Tenable Nessus
added 2018/06/22 12:0 a.m. | 48 views

CentOS 6 : pcs (CESA-2018:1927)

An update for pcs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 7.5 | AI score 6.4 | EPSS 0.002
Exploits: 0 | References: 2

phpMyAdmin
added 2018/06/19 12:0 a.m. | 39 views

XSS in Designer feature

PMASA-2018-3 Announcement-ID: PMASA-2018-3 Date: 2018-06-19 Updated: 2018-06-21 Summary XSS in Designer feature Description A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name. Severity...

CVSS 6.1 | AI score 6.5 | EPSS 0.00393
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2018/06/18 12:0 a.m. | 71 views

CentOS 7 : kernel (CESA-2018:1852)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 5.6 | AI score 6.7 | EPSS 0.01831
Exploits: 0 | References: 2

Tenable Nessus
added 2018/06/15 12:0 a.m. | 303 views

RHEL 7 : kernel (RHSA-2018:1852)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 5.6 | AI score 6.7 | EPSS 0.01831
Exploits: 0 | References: 4

Tenable Nessus
added 2018/06/06 12:0 a.m. | 36 views

RHEL 7 : Red Hat Ceph Storage 1.3 (RHSA-2016:2994)

An update is now available for Red Hat Ceph Storage 1.3. This erratum is for Red Hat Ceph Storage that runs on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 7.5 | AI score 6.7 | EPSS 0.18013
Exploits: 1 | References: 3

Tenable Nessus
added 2018/06/06 12:0 a.m. | 30 views

RHEL 7 : Red Hat Ceph Storage 2.1 (RHSA-2016:2954)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2954 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a...

CVSS 7.5 | AI score 6.8 | EPSS 0.18013
Exploits: 1 | References: 8

Tenable Nessus
added 2018/06/06 12:0 a.m. | 30 views

RHEL 7 : Red Hat Ceph Storage 1.3 (RHSA-2016:2847)

An update is now available for Red Hat Ceph Storage 1.3. This erratum is applicable for Red Hat Ceph Storage that runs on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic...

CVSS 6.8 | AI score 6.4 | EPSS 0.02873
Exploits: 0 | References: 3

Tenable Nessus
added 2018/05/31 12:0 a.m. | 59 views

CentOS 7 : qemu-kvm (CESA-2018:1416)

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 5.5 | AI score 7.2 | EPSS 0.00055
Exploits: 0 | References: 2