Lucene search

868 matches found

Prion
added 2021/02/22 9:15 p.m. | 15 views

Path traversal

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

CVSS 4 | AI score 5.1 | EPSS 0.01059
Exploits 0 | References 1 | Affected Software 2
Cvelist
added 2021/02/22 8:31 p.m. | 18 views

CVE-2021-26725 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

CVSS 8.6 | AI score 7.1 | EPSS 0.01059
Exploits 0 | References 1
CVE
added 2021/02/22 8:31 p.m. | 57 views

CVE-2021-26725

Summary of CVE-2021-26725 (Nozomi Networks Guardian/CMC): A path traversal vulnerability exists in the web GUI timezone setting that, when accessed by an authenticated administrator, can read protected system files. Affected: Nozomi Networks Guardian and CMC up to version 20.0.7.3. Root cause det...

CVSS 8.6 | AI score 5.6 | EPSS 0.01059
Exploits 0 | References 1 | Affected Software 2
Positive Technologies
added 2021/02/22 12:0 a.m. | 3 views

PT-2021-17116 · Nozomi Networks · Nozomi Networks Cmc +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian versions 20.0.7.3 and prior versions Nozomi Networks CMC versions 20.0.7.3 and prior versions Description: A Path Traversal issue exists when changing the timezone using the web GUI, allowing an authenticated...

CVSS 8.6 | AI score 7 | EPSS 0.01059
Exploits 0 | References 4
NOZOMI
added 2021/02/04 12:0 a.m. | 4 views

Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Summary An authenticated command path traversal vulnerability in the management interface allows an authenticated administrator to read-protected system files. Impact Authenticated web GUI administrator can force the system to copy system files to the wrong location allowing him to read the...

CVSS 8.6 | AI score 6.8 | EPSS 0.01059
Exploits 0 | Affected Software 2
Tenable Nessus
added 2021/02/04 12:0 a.m. | 15 views

Debian DLA-2543-1 : libdatetime-timezone-perl new upstream version

This update includes the changes in tzdata 2021a for the Perl bindings. For the list of changes, see DLA-2542-1. For Debian 9 stretch, this problem has been fixed in version 1:2.09-1+2021a. We recommend that you upgrade your libdatetime-timezone-perl packages. For the detailed security status of...

AI score 5.3
Exploits 0 | References 3
Tenable Nessus
added 2021/02/04 12:0 a.m. | 18 views

Debian DLA-2542-1 : tzdata new upstream version

This update includes the changes in tzdata 2021a. Notable changes are : - South Sudan changed from +03 to +02 on 2021-02-01. For Debian 9 stretch, this problem has been fixed in version 2021a-0+deb9u1. We recommend that you upgrade your tzdata packages. For the detailed security status of tzdata...

AI score 5.4
Exploits 0 | References 3
Tenable Nessus
added 2021/01/25 12:0 a.m. | 24 views

openSUSE Security Update : viewvc (openSUSE-2021-84)

This update for viewvc fixes the following issues : - update to 1.1.28 boo1167974, CVE-2020-5283 : - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166,...

CVSS 3.5 | AI score 5.2 | EPSS 0.01216
Exploits 1 | References 2
Tenable Nessus
added 2021/01/25 12:0 a.m. | 24 views

openSUSE Security Update : viewvc (openSUSE-2021-123)

This update for viewvc fixes the following issues : - update to 1.1.28 boo1167974, CVE-2020-5283 : - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166,...

CVSS 3.5 | AI score 5.2 | EPSS 0.01216
Exploits 1 | References 2
OSV
added 2021/01/23 11:22 a.m. | 2 views

OPENSUSE-SU-2021:0145-1 Security update for viewvc

This update for viewvc fixes the following issues: - update to 1.1.28 boo1167974, CVE-2020-5283: security fix: escape subdir lastmod file name 211 fix standalone.py first request failure 195 suppress stack traces with option to show 140 distinguish text/binary/image files by icons 166, 175 colori...

CVSS 3.5 | AI score 3.8 | EPSS 0.01216
Exploits 1 | References 3
OSV
added 2021/01/20 3:22 p.m. | 4 views

OPENSUSE-SU-2021:0127-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...

CVSS 8.8 | AI score 9 | EPSS 0.01283
Exploits 0 | References 3
OPENSUSE Linux
added 2021/01/19 12:0 a.m. | 23 views

Security update for viewvc (moderate)

openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0119-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update for...

CVSS 3.5 | AI score 4.2 | EPSS 0.01216
Exploits 1 | References 1
OSV
added 2021/01/16 11:24 a.m. | 4 views

OPENSUSE-SU-2021:0084-1 Security update for viewvc

This update for viewvc fixes the following issues: - update to 1.1.28 boo1167974, CVE-2020-5283: security fix: escape subdir lastmod file name 211 fix standalone.py first request failure 195 suppress stack traces with option to show 140 distinguish text/binary/image files by icons 166, 175 colori...

CVSS 3.5 | AI score 3.8 | EPSS 0.01216
Exploits 1 | References 3
OPENSUSE Linux
added 2021/01/16 12:0 a.m. | 24 views

Security update for viewvc (moderate)

openSUSE Security Update: Security update for viewvc Announcement ID: openSUSE-SU-2021:0084-1 Rating: moderate References: 1167974 Cross-References: CVE-2020-5283 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for viewvc fix...

CVSS 3.5 | AI score 4.2 | EPSS 0.01216
Exploits 1 | References 1
OPENSUSE Linux
added 2021/01/16 12:0 a.m. | 32 views

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0093-1 Rating: important References: 1180623 Cross-References: CVE-2020-16044 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update...

CVSS 8.8 | AI score 8.9 | EPSS 0.01283
Exploits 0 | References 1
OSV
added 2021/01/14 9:28 a.m. | 4 views

SUSE-SU-2021:0123-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 fixed: Running a quicksearch that returned no result...

CVSS 8.8 | AI score 8.6 | EPSS 0.01283
Exploits 0 | References 3
Tenable Nessus
added 2020/12/30 12:0 a.m. | 11 views

Debian DLA-2510-1 : libdatetime-timezone-perl new upstream release

This update includes the changes in tzdata 2020e for the Perl bindings. For the list of changes, see DLA-2510-1. For Debian 9 stretch, this problem has been fixed in version 1:2.09-1+2020e. We recommend that you upgrade your libdatetime-timezone-perl packages. For the detailed security status of...

AI score 5.3
Exploits 0 | References 3
OpenVAS
added 2020/12/30 12:0 a.m. | 7 views

Debian: Security Advisory (DLA-2510)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 4
Check Point Advisories
added 2020/12/27 12:0 a.m. | 2 views

IBM Spectrum Protect Plus Command Injection (CVE-2020-4206)

A command injection vulnerability exists in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input validation in the Administrative Console service when parsing the timezone parameter...

CVSS 9 | AI score 4.8 | EPSS 0.04612
Exploits 0
Tenable Nessus
added 2020/11/30 12:0 a.m. | 71 views

openSUSE Security Update : podman (openSUSE-2020-2039)

This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...

CVSS 5.3 | AI score 6.5 | EPSS 0.01402
Exploits 0 | References 4