82 matches found
RM: calibre/buster-backports -- ROM; no security support; bpo10s of a newer version are impossible
Dear Backports admins, I am requesting the removal of calibre from buster-backports, because it has no security support and because newer versions of Calibre depend on a newer Qt version that cannot be backported. I delayed this request until Bullseye was released, so that users would have a...
PT-2021-24281 · Nix +1 · Nix +1
Name of the Vulnerable Software and Affected Versions: nix crate versions 0.16.0 through 0.20.1 nix crate versions 0.21.x before 0.21.2 nix crate versions 0.22.x before 0.22.2 Description: An issue was discovered in the nix crate where the nix::unistd::getgrouplist function can call the libc...
PT-2021-17973 · Rust +6 · Rust +6
Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.51.0 Description: The issue arises from the Zip implementation in the standard library, which calls iterator get unchecked for the same index more than once when nested. This can lead to a memory safety violation due ...
container-tools:1.0 security update
buildah 1.5-8.gite94b4f9.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.5-8.gite94b4f9 - bump release to preserve upgrade path - Related: 1821193 1.5-4.gite94b4f9 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build proces...
CVE-2021-20335
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and c...
PT-2020-19565 · Mcafee · Mcafee Database Security Server/Sensor
Name of the Vulnerable Software and Affected Versions: McAfee Database Security Server and Sensor versions prior to 4.8.0 Description: The issue is related to the use of a broken or risky cryptographic algorithm in the form of a SHA1 signed certificate. This could allow an attacker on the same...
Debian DLA-2324-1 : linux-latest-4.19 new package
Linux 4.19 has been packaged for Debian 9 as linux-4.19. This provides a supported upgrade path for systems that currently use kernel packages from the 'stretch-backports' suite. However, 'apt full-upgrade' will not automatically install the updated kernel packages. You should explicitly install...
Debian DLA-2321-1 : firmware-nonfree new upstream version
The firmware-nonfree package has been updated to include additional firmware that may be requested by some drivers in Linux 4.19. Along with additional kernel packages that will be announced later, this will provide a supported upgrade path for systems that currently use kernel and firmware...
PT-2020-10434 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.4.2 Description: The issue allows remote attackers to enumerate internal services via an Information Disclosure vulnerability. This is only exploitable if WebSudo is disabled in Jira...
virt:ol security update
hivex libguestfs 1:1.38.4-14.0.1 - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.38.4-14 - v2v: use -T as argument of scp when copying vmx files via ssh resolves: rhbz1738886 Fri Jun 28 2019 Danilo de Paula - Rebuild all virt package...
subversion:1.10 security update
libserf 1.3.9-9 - Resolves: 1696354 - Ensure modular RPM upgrade path subversion 1.10.2-2 - rebuild to ensure NVR ordering 1696354 1.10.2-1.1 - Resolves: 1733442 - CVE-2019-0203 subversion:1.10/subversion: remote unauthenticated denial-of-service in subversion svnserve utf8proc 2.1.1-5 - Resolves...
PT-2019-11534 · Gitea +1 · Gitea +1
Name of the Vulnerable Software and Affected Versions: Gitea versions 1.7.0 and earlier Description: The issue allows an attacker to execute arbitrary JavaScript in a victim's browser through a Cross Site Scripting XSS attack. This is achieved by having the victim open a specifically crafted URL,...
Debian DLA-1424-1 : linux-latest-4.9 new package
Linux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a supported upgrade path for systems that currently use kernel packages from the 'jessie-backports' suite. However, 'apt full-upgrade' will not automatically install the updated kernel packages. You should explicitly install one...
Apache Cordova Android 5.2.2 Information Leak Vulnerability
Apache Cordova Android versions 5.2.2 and below suffer from an internal system information leak. CVE-2016-6799: Internal system information leak Severity: High Vendor: The Apache Software Foundation Versions Affected: Cordova Android 5.2.2 and below Description: The application calls methods of t...
SOL05016441 - Oracle Java vulnerability CVE-2016-3508
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Fedora 21 : GraphicsMagick-1.3.20-3.fc21 (2014-14617)
Fix for psd security issue, and upgrade path to f21. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 16 : nut-2.6.3-4.fc16 (2012-8729)
fix heap-based buffer overflow due improper processing of non-printable characters in random network data CVE-2012-2944 - no change, just updated release number to fix upgrade path Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Wordpress MM Forms plugin file upload vulnerability
Exploit for php platform in category web applications +----------------------------------------------------------------------+ Exploit Title: wordpress mmforms plugin file upload vulnerability Google Dork: inurl:/wp-content/plugins/mm-forms/ Date: 07/06/2012 Author: Tunisian spl01t3r Software Lin...
Implement salting of user passwords
Salting and Hashing of user passwords will require us to provide an upgrade path for users since all existing passwords will become invalid. This change should use the atlassian-security password encode library SEC-1...
Fedora 13 : gromacs-4.5.2-2.fc13 (2010-17256)
Fix upgrade path issue caused by branching of libs. Upgrade to 4.5.2, fixing CVE-2010-4001 and a bunch of other bugs. See full release notes at http://www.gromacs.org/AboutGromacs/ReleaseNotes/Versions4.5.x . Note that Tenable Network Security has extracted the preceding description block directl...