openSUSE: Security Advisory for zstd (openSUSE-SU-2019:1952-1)
The remote host is missing an update for the...
URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994
A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects...
CVE-2019-5477
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This...
PT-2019-4784
Name of the Vulnerable Software and Affected Versions: Nokogiri versions 1.10.3 and earlier; Rexical versions 1.0.6 and earlier. Description: A command injection issue allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. This occurs when the undocumented method...
UBUNTU-CVE-2018-14669
ClickHouse MySQL client before version 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server...
PT-2019-9040 · Clickhouse · Clickhouse Mysql Client
Name of the Vulnerable Software and Affected Versions: ClickHouse MySQL client versions prior to 1.1.54390 Description: The issue concerns the "LOAD DATA LOCAL INFILE" functionality in the ClickHouse MySQL client, which was enabled and allowed a malicious MySQL database to read arbitrary files fr...
Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators
Background: AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
DEBIAN-CVE-2019-15058
stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service...
ALPINE-CVE-2019-9515
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost...
openSUSE Security Update : zstd (openSUSE-2019-1845)
This update for zstd to version 1.4.2 fixes the following issues. Security issues fixed: - CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write (boo#1142941). Non-security issues fixed: - Added --no-compress-literals CLI flag to enable or...
DEBIAN-CVE-2019-14939
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
CVE-2019-14939
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
UBUNTU-CVE-2019-14939
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
Buffer overflow
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default...
NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0085)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested=1...
NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0086)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The writ...
NewStart CGSL MAIN 4.06 : libvirt Multiple Vulnerabilities (NS-SA-2019-0089)
The remote NewStart CGSL host, running version MAIN 4.06, has libvirt packages installed that are affected by multiple vulnerabilities: - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is...
NewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0091)
The remote NewStart CGSL host, running version MAIN 4.06, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation i...
NewStart CGSL MAIN 4.05 : libvirt Multiple Vulnerabilities (NS-SA-2019-0152)
The remote NewStart CGSL host, running version MAIN 4.05, has libvirt packages installed that are affected by multiple vulnerabilities: - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is...