OPENSUSE-SU-2021:0675-1 Security update for alpine

This update for alpine fixes the following issues: Update to release 2.24 A few crash fixes Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 Expansion of the configuration screen for XOAUTH2 to include username, and tenant. Alpine uses the domain in the From: header of a messag...

glibc: Fragmentation attacks possible when EDNS0 is enabled

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

Unrestricted file upload

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...

aspcms corporate website system 0day 2.0 or above through the kill-vulnerability warning-the black bar safety net

aspcms development of the new core open source enterprise built Station system, capable of enterprise a variety of site requirements, and support template customization, support, extensions, etc., can be completed in a short time the enterprise built Station. The vulnerability appears in the...

Mandriva Linux Security Advisory : php (MDVSA-2010:139)

This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Security Enhancements and Fixes in PHP 5.2.14 : - Rewrote varexport to use smartstr rather than output buffering, prevents data disclosure if a fatal error occurs CVE-2010-2531. - Fixed a...

CVE-2007-3740

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges...