106 matches found
SUSE-SU-2021:4155-1 Security update for libqt4
This update for libqt4 fixes the following issues: - CVE-2021-3481: Fixed out of bounds read in QRadialFetchSimd from crafted svg file bsc1184783. - CVE-2020-17507: Fixed buffer over-read in readxbmbody bsc1176315...
OPENSUSE-SU-2021:1073-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 91.0.4472.164 boo1188373 CVE-2021-30559: Out of bounds write in ANGLE CVE-2021-30541: Use after free in V8 CVE-2021-30560: Use after free in Blink XSLT CVE-2021-30561: Type Confusion in V8 CVE-2021-30562: Use after free in WebSerial...
OPENSUSE-SU-2021:2354-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial ...
OPENSUSE-SU-2021:0937-1 Security update for live555
This update for live555 fixes the following issues: Update to 2021.05.22: - Lots of fixes and updates, including the security fix for CVE-2021-28899 boo1185874 and CVE-2019-15232 boo1146283. See the list in http://live555.com/liveMedia/public/changelog.txt This update was imported from the...
OPENSUSE-SU-2021:0915-1 Security update for live555
This update for live555 fixes the following issues: Update to 2021.05.22: - Lots of fixes and updates, including the security fix for CVE-2021-28899 boo1185874 and CVE-2019-15232 boo1146283. See the list in http://live555.com/liveMedia/public/changelog.txt...
SUSE-SU-2021:2104-1 Security update for Salt
This update fixes the following issues: salt: Update to Salt release version 3002.2 jscECO-3212, jscSLE-18033, jscSLE-18028 - Check if dpkgnotify is executable bsc1186674 - Drop support for Python2. Obsoletes python2-salt package jscSLE-18028 - Virt module updates network: handle missing ipv4...
Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP...
SUSE-SU-2020:14419-1 Security update for openldap2
This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAPCONFIGBACKEND='ldap' was used bsc1172698...
OPENSUSE-SU-2020:0324-1 Security update for chromium
This update for chromium tio version 80.0.3987.132 fixes the following issues: Chromium was updated to 80.0.3987.132 boo1165826 - CVE-2020-6420: Fixed improper policy enforcement in media. - Fixed other fixes from internal audits, fuzzing and other initiatives...
MGASA-2020-0037 Updated graphicsmagick packages fix security vulnerabilities
GraphicsMagick has been updated to fix security issues...
DEBIAN-CVE-2019-8551
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting...
MGASA-2019-0349 Updated glibc packages fix security vulnerability
Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible...
SUSE-SU-2019:2502-1 Security update for bind
This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones bsc1126069. - CVE-2019-6471: Fixed a reachable assert in dispatch.c. bsc1138687 - CVE-2018-5745: Fixe...
SUSE-SU-2019:2267-1 Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar
This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum,...
SUSE-SU-2019:1960-1 Security update for MozillaThunderbird
This update for MozillaThunderbird version 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. - CVE-2019-11712:...
SUSE-SU-2019:1389-2 Security update for cronie
This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon bsc1128937. - CVE-2019-9705: Fixed an implementation vulnerability...
CVE-2019-11477
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
SUSE-SU-2019:1371-1 Security update for xen
This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS -...
SUSE-SU-2019:1149-1 Security update for go1.10
This update for go1.10 fixes the following issues: Security issues fixed: - CVE-2019-6486: A CPU denial of service vulnerability affecting P-521 and P-384 elliptic curves was fixed. Other fixes: - go1.10.8 released 2019/01/23 security release fixes CVE-2019-6486. - Enable build for %arm bsc112576...
PLC Cycle Time Influences (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO Equipment: Programmable Logic Controllers Vulnerability: Uncontrolled Resource Consumption 2. UPDATE...