OPENSUSE-SU-2019:1159-1 Security update for sqlite3

This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 Magellan bsc1119687. Release notes: https://www.sqlite.org/releaselog/3272.html This update was imported from the SUSE:SLE-15:Update...

SUSE-SU-2019:0838-1 Security update for bash

This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASHCMDS allowing the user to execute any command with the permissions of the shell bsc1130324...

SUSE-SU-2019:14003-1 Security update for sqlite3

This update for sqlite3 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 Magellan bsc1119687...

OPENSUSE-SU-2019:0087-1 Security update for zeromq

This update for zeromq fixes the following issues: Security issue fixed: - CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow bsc1121717 The following tracked packaging change is included: - boo1082318: correctly mark license files as licence instead of...

Description of the security update for SharePoint Server 2010: March 12, 2019

Description of the security update for SharePoint Server 2010: March 12, 2019 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft SharePoint if the software does not check the source markup of an application package. To learn more about the...

CVE-2018-20773

Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional ?php lines...

SUSE-SU-2019:0241-1 Security update for spice

This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslotgetvirt function that could lead to denial-of-service or code-execution bsc1122706...

Code Execution Vulnerability in Qtouch Cross-Platform Technology Configuration Software

Qtouch cross-platform technology configuration software with cross-platform and unified work platform features, can be across multiple operating systems at the same time on multiple operations to achieve a unified work platform. A code execution vulnerability exists in Qtouch Cross-Platform...

CVE-2019-1641

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording...

The vulnerability of the Windows Runtime component of the Windows operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Windows Runtime component of the Windows operating system exists due to errors in object handling in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially created application...

SUSE SLED15 / SLES15 Security Update : zeromq (SUSE-SU-2019:0110-1)

This update for zeromq fixes the following issues : Security issue fixed : CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow bsc1121717 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

Command execution vulnerability in Philips Smart Wireless Speaker web service formUpgradeURL web interface

The Philips Smart Wireless Speaker is an AI-based music player that can be connected to the internet. A command execution vulnerability exists in the Philips Smart Wireless Speaker web service formUpgradeURL web interface, which can be exploited by an attacker to execute commands...

drupal -- Drupal core - Arbitrary PHP code execution

Drupal Security Team reports: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing file operations on insufficiently validated user input, thereb...

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service DoS attacks. The vulnerability exists as a use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service instance crash or possibly execute arbitrary code via a...

Debian: Security Advisory (DSA-4368-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-0583

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows...

January 8, 2019—KB4480970 (Monthly Rollup)

January 8, 2019—KB4480970 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass CVE-2018-3639 for AMD-based computers. The...

Command Execution Vulnerability in NetShow Sino-British Enterprise Website System v5.6

WebShow Sino-British Enterprise Website System is a simple and easy-to-use website management system developed by WebTech. A command execution vulnerability exists in Nethub Sino-British Enterprise Website System v5.6, which can be exploited by attackers to execute system commands...

FasterXML Jackson-databind code issue vulnerability (CNVD-2019-37152)

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . A security vulnerability exists in FasterXML Jackson-databind version 2.x prior to 2.9.8. An attacker can exploit the vulnerability to execute...

Code Execution Vulnerability in CIM City Information Aggregation System

CIM is a city information aggregation CMS that is easy to operate, powerful, data standardized, flexible in settings, and can easily realize various website types and style interfaces. A code execution vulnerability exists in CIM City Information Aggregation System, which can be exploited by...