868 matches found
CVE-2020-24032
CVE-2020-24032 affects XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances via the tz.pl script: it permits command injection through shell metacharacters in the timezone (cmd=set&tz=OS). The Red Hat/PRION/PR security records corroborate the same vulnerability. No exploitation status is provided ...
PT-2020-15623 · Xorux · Stor2Rrd +1
Name of the Vulnerable Software and Affected Versions: XoruX LPAR2RRD and STOR2RRD version 2.70 Description: The issue allows for command injection via shell metacharacters in a timezone, using the tz.pl script with the cmd=set&tz=OS command. This can potentially lead to unauthorized execution of...
Fedora 30 : viewvc (2020-c952520959)
Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 ViewVC 1.1.27 ChangeLog : - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166, 175 - colorize alternating...
evolution security and bug fix update
evolution 3.28.5-12 - Add patch for RH bug 1778799 New Mail account wizard ignores email address change 3.28.5-11 - Update patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar 3.28.5-10 - Add patch for RH bug 1764563 CVE-2018-15587: Reposition signature bar - Add patch for RH bug...
Timezone on Clients Running Windows 10 Changes in Citrix VDI from US-EDT to "Caracas" time
Current Timezone is UTC - 05:00 US & Canada - When end users log into a Citrix VDI Windows 7 desktop using a Windows 10 client/host the timezone switches to UTC - 04:00 Caracas. This causes problem with Calendar appointments getting booked in the wrong time zone and being 1/2 hour behind. If we...
Arbitrary Code Execution
glibc is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to...
Information Disclosure
java is vulnerable to information disclosure. The vulnerability exists as an information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the JRE_HOME/lib/zi/ directory, allowing a remote attacker to probe the local...
IBM Spectrum Protect Plus timezone Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Administrative...
[SECURITY] [DLA 1958-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2019c This update includes the changes in tzdata 2019c for the Perl bindings. For the list of changes, see DLA-1957-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2019c. We recommend that you upgrade your...
Revive Adserver: Authentication Bypass by abusing Insecure crypto tokens in /lib/OA/Dal/PasswordRecovery.php:
Hi, This is a fun bug I came across while doing a pentest for a client, after going through Revive Adserver's code for a few hours, I found this authentication bypass. This vulnerability seems to affect all versions, including the latest one, I was sent by one of your developers to report it here...
CVE-2018-20053
An issue was discovered on Cerner Connectivity Engine CCE 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network...
Debian DLA-1745-1 : libdatetime-timezone-perl new upstream version
This update includes the changes in tzdata 2019a for the Perl bindings. For the list of changes, see DLA-1744-1. For Debian 8 'Jessie', this problem has been fixed in version 1:1.75-2+2019a. We recommend that you upgrade your libdatetime-timezone-perl packages. NOTE: Tenable Network Security has...
[SECURITY] [DLA 1745-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.75-2+2019a This update includes the changes in tzdata 2019a for the Perl bindings. For the list of changes, see DLA-1744-1. For Debian 8 "Jessie", this problem has been fixed in version 1:1.75-2+2019a. We recommend that you upgrade your...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks...
Debian DLA-1625-1 : tzdata new upstream version
This update includes the changes in tzdata 2018i. Notable changes are : - Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new zone Asia/Qostanay has been added, because Qostanay, Kazakhstan didn't move. - Metlakatla, Alaska observes PST this winter only. - São Tomé and Príncipe switched...
[SECURITY] [DLA 1625-1] tzdata new upstream version
Package : tzdata Version : 2018i-0+deb8u1 This update includes the changes in tzdata 2018i. Notable changes are: - Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new zone Asia/Qostanay has been added, because Qostanay, Kazakhstan didn't move. - Metlakatla, Alaska observes PST this...
SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1253-1)
This security update of PHP fixes the following issues : Security issues fixed : - CVE-2015-4024 bnc931421: Fixed multipart/form-data remote DOS Vulnerability. - CVE-2015-4026 bnc931776: pcntl_exec did not check path validity. - CVE-2015-4022 bnc931772: Fixed an overflow in ftp_genlist that result...
DLA-1626-1 libdatetime-timezone-perl - new upstream version
Bulletin has no description...
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2018:3920-1)
java-1_7_0-ibm is updated to Java 7.0 Service Refresh 10 Fix Pack 35 bsc1116574 : Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM...
Debian DLA-1569-2 : libdatetime-timezone-perl regression update
The previous update of libdatetime-timezone-perl to tzdata version 2018g was incomplete due to a newly introduced rule type that this version of libdatetime-timezone-perl could not parse. For Debian 8 'Jessie', this problem has been fixed in version 1:1.75-2+2018g.1. We recommend that you upgra...