ImageCache Actions - Critical - Multiple Vulnerabilities - SA-CONTRIB-2019-056
The imagecache actions module defines a number of additional image effects that can be used to create image styles. The "Image styles admin" sub module provides additional functionality to duplicate, export and import image styles. The module uses unserialize to import image styles into another...
ESXi patches address partial denial of service vulnerability in hostd process (CVE-2019-5528)
3. Partial denial of service vulnerability in ESXi hostd process CVE-2019-5528 A malicious actor with network access to an ESXi host could create a partial denial of service condition in management functionality. Successful exploitation of this issue may cause hostd to become unresponsive...
OPENSUSE-SU-2019:1635-1 Security update for ansible
This update for ansible fixes the following issues: Ansible was updated to version 2.8.1: Full changelog is at /usr/share/doc/packages/ansible/changelogs/ - Bugfixes - ACI - Do not encode querystring - ACI modules - Fix non-signature authentication - Add missing directory provided via...
OPENSUSE-SU-2019:1632-1 Security update for SDL2
This update for SDL2 fixes the following issues: - Remove the fix for CVE-2019-7637, the modification of function SDLCalculatePitch is only suited for SDL not SDL2, and breaks SDL2 software. bsc1134135 This update was imported from the SUSE:SLE-15:Update update project...
CVE-2019-4158
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574...
PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
SUSE-SU-2019:1605-1 Security update for SDL2
This update for SDL2 fixes the following issues: - Remove the fix for CVE-2019-7637, the modification of function SDLCalculatePitch is only suited for SDL not SDL2, and breaks SDL2 software. bsc1134135...
`boxfnonce` obsolete with release of Rust 1.35.0
This commit marks the boxfnonce crate as obsolete and the GitHub repo has since been archived. The functionality of boxfnonce has been added to Rust since 1.35.0. Use Box...
RUSTSEC-2019-0040 `boxfnonce` obsolete with release of Rust 1.35.0
This commit marks the boxfnonce crate as obsolete and the GitHub repo has since been archived. The functionality of boxfnonce has been added to Rust since 1.35.0. Use Box...
CVE-2018-17388
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to logincheck.php, or the id parameter to addemail.php or editcontent.php...
Input validation
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in...
CVE-2017-8330
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in...
CVE-2017-10721
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car...
Design/Logic Flaw
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car...
CVE-2018-10695
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST...
PT-2019-8764 · Moxa · Moxa Awk-3121
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered in the Moxa AWK-3121 device, where the ping functionality, intended for administrators to check network connectivity via ICMP calls, can be exploited by an attacker to execute...
SUSE-SU-2019:1441-1 Recommended update for mariadb, mariadb-connector-c
This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed: - Update to MariaDB 10.2.22 GA: CVE-2019-2510: bsc1122198 CVE-2019-2537: bsc1122198 - Update to MariaDB 10.2.19 GA bsc1116686: CVE-2018-3282: bsc1112432 CVE-2016-9843: bsc1013882 CVE-2018-3174: bsc111236...
[SECURITY] Fedora 29 Update: wavpack-5.1.0-13.fc29
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
CVE-2016-10755
AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...