DLA-1482-1 libx11 - security update
Bulletin has no description...
NoMachine App for Android vulnerable to environment variables alteration
Overview: NoMachine App for Android contains an information alteration vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A remote attacker may alte...
DSA-4276-1 php-horde-image - security update
Bulletin has no description...
JVN#06372244: Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE
EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service), which are additional modules for EC-CUBE provided by GMO Payment Gateway, Inc., contain multiple vulnerabilities listed below. Cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2018-0657 Version|...
GHSA-72FG-JQHX-C68P Open Redirect in st
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...
DLA-1445-2 busybox - regression update
Bulletin has no description...
DLA-1454-1 network-manager-vpnc - security update
Bulletin has no description...
Major Bluetooth Vulnerability
Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with hig...
GHSA-PJMX-9XR3-82QR ReDoS via long UserAgent header in useragent
Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed. Proof of Concept (js): var useragent = require('useragent'); var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP'; var request = 'GET / HTTP/1.1\r\nUser-Agen...
DSA-4253-1 network-manager-vpnc - security update
Bulletin has no description...
GHSA-W4PV-W56C-MG4V Path Traversal in stattic
Versions of stattic before 0.3.0 are vulnerable to path traversal, allowing a remote attacker to read arbitrary files with any extension from the server that uses stattic. Recommendation: Update to version 0.3.0 or later...
DSA-4247-1 ruby-rack-protection - security update
Bulletin has no description...
DLA-1420-1 cinnamon - security update
Bulletin has no description...
DLA-1419-1 ruby-sprockets - security update
Bulletin has no description...
DSA-4237-1 chromium-browser - security update
Bulletin has no description...
DLA-1409-1 mosquitto - security update
Bulletin has no description...
SUSE-SU-2018:1822-1 Security update for gcc43
This update for gcc43 fixes the following issues: This update adds support for 'expolines' on s390x, allowing fixing CVE-2017-5715 in a more lightweight fashion (bsc#1086069). The option flags are the same as for the x86 retpolines. A compiler crash when building userland packages with x86 retpoline...
DSA-4224-1 gnupg - security update
Bulletin has no description...
Arbitrary Code Injection in reduce-css-calc
Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept: const reduceCSSCalc = require('reduce-css-calc');...
“Upgrade in progress. This operation will take about 20 minutes. Please re-login after 20 minutes” on NetScaler SD-WAN
The following message is displayed under Configuration > System Maintenance > Update Software: “Upgrade in progress. This operation will take about 20 minutes. Please re-login after 20 minutes.”...