[SECURITY] Fedora 34 Update: python3.8-3.8.12-1.fc34

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 33 Update: python3.8-3.8.12-1.fc33

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

Fedora: Security Advisory for php (FEDORA-2021-45ba66bd29)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 34 Update: libguestfs-1.45.7-2.fc34

Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different...

py-matrix-synapse -- several vulnerabilities

Matrix developers report: This release patches two moderate severity issues which could reveal metadata about private rooms: CVE-2021-39164: Enumerating a private room's list of members and their display names. CVE-2021-39163: Disclosing a private room's name, avatar, topic, and number of members...

[SECURITY] Fedora 34 Update: prosody-0.11.10-1.fc34

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

CVE-2021-29976

Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbi...

Tennessee Valley Authority: Rate limit missing sign-in page

Vulnerability description not provided...

Radare2 - UNIX-like Reverse Engineering Framework And Command-Line Toolset

r2 is a rewrite from scratch of radare. It provies a set of libraries, tools and plugins to ease reverse engineering tasks. The radare project started as a simple command-line hexadecimal editor focused on forensics, over time more features were added to support a scriptable command-line low leve...

PyCharm Community, Professional: Remote code execution

Background PyCharm is the Python IDE for professional developers. Description Insufficient validation exists within PyCharm’s checks for fetching projects from VCS. Impact If a victim can be enticed into fetching a VCS project via PyCharm, a remote attacker could achieve remote code execution...

Exploit_Mitigations - Knowledge Base Of Exploit Mitigations Available Across Numerous Operating Systems, Architectures And Applications And Versions

The goal is to list exploitation mitigations added over time in various operating systems, software, libraries or hardware. It becomes handy to know if a given vulnerability is easily exploitable or not depending on exploitation mitigations in place. An example is the following: Supported targets...

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins availab...

Important: Red Hat Bug Fix Advisory: Red Hat Ansible Automation Platform Product Release

Red Hat Ansible Automation Platform 2.0 is now available. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automatio...

Security Vulnerabilities fixed in Thunderbird 78.12 — Mozilla

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

CVE-2021-32679

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

CVE-2021-32679

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

The-Bastion - Authentication, Authorization, Traceability And Auditability For SSH Accesses

Bastions are a cluster of machines used as the unique entry point by operational teams such as sysadmins, developers, database admins, ... to securely connect to devices servers, virtual machines, cloud instances, network equipment, ..., usually using ssh. Bastions provides mechanisms for...

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification 2SV, provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards...

CVE-2021-29967

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.11,...

[SECURITY] Fedora 34 Update: tor-0.4.5.9-1.fc34

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...