2127 matches found
PT-2019-13483 · Unknown · En100 Ethernet Module Iec 61850 Variant +4
Name of the Vulnerable Software and Affected Versions: EN100 Ethernet module DNP3 variant All versions EN100 Ethernet module IEC 61850 variant All versions V4.37 EN100 Ethernet module IEC104 variant All versions EN100 Ethernet module Modbus TCP variant All versions EN100 Ethernet module PROFINET ...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.1.17 packages update
Red Hat OpenShift Container Platform release 4.1.17 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.1 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
PT-2019-6027 · Adobe +1 · Flash Player +1
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 32.0.0.156 and earlier Description: The issue is related to an out-of-bounds read in memory, which could allow a remote attacker to disclose protected information. This is a result of a vulnerability in the softwar...
CVE-2015-3953
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Red Hat OpenShift Container Platform release 3.11.82 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
PT-2018-2976 · Clusterlabs +5 · Pacemaker +5
Name of the Vulnerable Software and Affected Versions: Pacemaker versions up to and including 2.0.1 Description: The issue is related to an uncontrolled resource consumption in the Pacemaker cluster resource management software, which can be exploited to cause a denial of service (DoS). This could...
RHEL 7 : Red Hat OpenShift Enterprise (RHSA-2016:1605)
An update is now available for Red Hat OpenShift Enterprise 3.1 and Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +647 more potentially affected by CVE-2018-16131 via com.typesafe.akka:akka-http-core_2.12 (>=10.1.0 <=10.1.3)
com.typesafe.akka:akka-http-core_2.12 MAVEN version =10.1.0, =0.3.0, =0.3.1, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc1 and more Source cves: CVE-2018-16131 Source advisory: OSV:GHSA-9QGC-P27W-3HJG...
PT-2018-13569 · Hdf +2 · Hdf5 +2
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.8.20 Description: An issue was discovered in the HDF5 library, where there is an out of bounds read in the H5L extern query function at H5Lexternal.c. Recommendations: For version 1.8.20, consider updating to a newer version th...
PT-2018-10145
Name of the Vulnerable Software and Affected Versions: git-annex affected versions not specified Description: The issue concerns a private data exposure and exfiltration attack in git-annex. It could expose the content of files located outside the git-annex repository or content from a private web...
Path Traversal in Sprockets
Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately. Workaround:...
PT-2018-1820 · Apache +5 · Apache Httpd +6
Name of the Vulnerable Software and Affected Versions: Apache httpd versions 2.2.0 through 2.4.29 Description: The issue is related to the generation of an HTTP Digest authentication challenge, where the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed...
CImg Heap Buffer Out-of-Bounds Read Vulnerability
CImg is an open source C++ tool library for image processing. A heap buffer out-of-bounds read vulnerability exists in CImg version 220. The vendor has released a security advisory and related patch information to fix this vulnerability, and users are advised to download and use it...
Logstash 5.0.1 released with a security patch
Hi all, we would like to announce that Logstash 5.0.1 has been released with an important security patch. Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. We advise our users using Logstash and...
[SECURITY] [DLA DLA-649-1] python-django security update
Package : python-django Version : 1.4.22-1+deb7u1 CVE ID : CVE-2016-7401 It was discovered that there was a possible CSRF protection bypass on sites that use Google Analytics in python-django, a High-level Python web development framework. More information can be found in the upstream announcemen...
WordPress Releases Security Update
WordPress 4.5.2 and prior versions are affected by several security issues. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPre...
PT-2016-1753 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.343 Adobe Flash Player versions 19.x through 21.x prior to 21.0.0.213 on Windows and OS X Adobe Flash Player versions prior to 11.2.202.616 on Linux Description: The issue allows attackers to execut...
AirDroid for Android vulnerable in handling of implicit intents
Overview AirDroid for Android provided by SAND STUDIO contains a vulnerability in the handling of implicit intents. Gaku Mochizuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Information in AirDroid may ...
Master User, versions before 2.1.4
Versions before 2.1.4 suffered from an issue with insecure default settings. The issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway. Resolution: Update to version 2.1.4 Update notice URL:...