3375 matches found

Tenable Nessus
added 2019/05/16 12:0 a.m., 17 views

Fedora 29 : php-pecl-imagick (2019-5dc1f4100e)

Version 3.4.4 - The 3.4.4 release is intended to be the last release other than small bug fixes that will support either PHP 5.x, or ImageMagick 6.x. The next planned release will be PHP 7.0 and ImageMagick 7.0 at least, if not higher. - Added: - function Imagick::optimizeImageTransparency -...

9.8 CVSS, 7 AI score, 0.01972 EPSS
Exploits: 0, References: 2

OPENSUSE Linux
added 2019/05/16 12:0 a.m., 231 views

Security update for ucode-intel (important)

openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2019:1402-1 Rating: important References: 1111331 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: openSUSE Leap 15.0 An update that fixes four vulnerabilities is...

5.9 CVSS, 6.9 AI score, 0.01566 EPSS
Exploits: 0, References: 1

Akamai Blog
added 2019/05/15 4:0 a.m., 15 views

Bots Tampering with TLS to Avoid Detection

Researchers at Akamai observed attackers using a novel approach for evading detection. This new technique - which we call Cipher Stunting - has become a growing threat, with its roots tracing back to early-2018. By using advanced methods, attackers are...

5.1 AI score
Exploits: 0

Xen Project
added 2019/05/14 5:0 p.m., 118 views

Microarchitectural Data Sampling speculative side channel

ISSUE DESCRIPTION Microarchitectural Data Sampling refers to a group of speculative side-channel vulnerabilities. They consist of: CVE-2018-12126 - MSBDS - Microarchitectural Store Buffer Data Sampling CVE-2018-12127 - MLPDS - Microarchitectural Load Port Data Sampling CVE-2018-12130 - MFBDS -...

5.9 CVSS, 1.1 AI score, 0.01566 EPSS
Exploits: 0

RedHat Linux
added 2019/05/13 5:6 p.m., 0 views

dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents

dom4j versions prior to version 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...

7.5 CVSS, 7.2 AI score, 0.0657 EPSS
Exploits: 1, References: 4

OpenVAS
added 2019/05/11 12:0 a.m., 73 views

Fedora Update for mod_cluster FEDORA-2019-17556e2ad6

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6 AI score
Exploits: 0, References: 2

IBM Security Bulletins
added 2019/05/10 9:5 a.m., 29 views

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2019-4259)

Summary A security vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements CVE-2019-4259 Vulnerability Details Deployments with protocol access metho...

5.5 CVSS, 1 AI score, 0.00353 EPSS
Exploits: 0, Affected Software: 1

Fedora
added 2019/05/10 2:23 a.m., 48 views

[SECURITY] Fedora 29 Update: mod_cluster-1.3.11-1.fc29

Modcluster is an httpd-based load balancer. Like modjk and modproxy, modcluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike modjk and modproxy, modcluster leverages an additional connection between the application server nodes a...

7.5 CVSS, 6.2 AI score, 0.04692 EPSS
Exploits: 0

Tenable Nessus
added 2019/05/10 12:0 a.m., 14 views

PCI DSS Compliance - Information Leakage

The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide version 3.1. These information leakage issues include one or more of the following : - Detaile...

0.5 AI score
Exploits: 0, References: 1

OPENSUSE Linux
added 2019/05/10 12:0 a.m., 301 views

Security update for webkit2gtk3 (important)

openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2019:1374-1 Rating: important References: 1132256 Cross-References: CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8518 CVE-2019-8523...

9.3 CVSS, 6.9 AI score, 0.18172 EPSS
Exploits: 4, References: 1

OPENSUSE Linux
added 2019/05/09 12:0 a.m., 151 views

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2019:1355-1 Rating: moderate References: 1132053 1132054 1133202 1133203 1133498 1133501 Cross-References: CVE-2019-11008 CVE-2019-11009 CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Affected...

8.8 CVSS, 8.4 AI score, 0.0377 EPSS
Exploits: 4, References: 6

OPENSUSE Linux
added 2019/05/08 12:0 a.m., 106 views

Security update for hostinfo, supportutils (important)

openSUSE Security Update: Security update for hostinfo, supportutils Announcement ID: openSUSE-SU-2019:1351-1 Rating: important References: 1054979 1099498 1115245 1117751 1117776 1118460 1118462 1118463 1125623 1125666 Cross-References: CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639...

7.8 CVSS, 6.8 AI score, 0.00503 EPSS
Exploits: 0, References: 10

OpenVAS
added 2019/05/07 12:0 a.m., 54 views

Debian: Security Advisory (DLA-1778-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.8 AI score, 0.05491 EPSS
Exploits: 1, References: 7

Veracode
added 2019/05/02 6:30 a.m., 22 views

Denial Of Service (DoS)

CloudForms Management Engine (cfme) is vulnerable to denial of service (DoS) attacks. An attacker is able to execute arbitrary methods via filtering on VMs that MiqExpression will execute, triggerable by API users. An attacker could use this flaw to crash the application...

8.8 CVSS, 8.6 AI score, 0.01703 EPSS
Exploits: 0, References: 217, Affected Software: 5

Veracode
added 2019/05/02 6:9 a.m., 22 views

Privilege Escalation

Firefox is vulnerable to privilege escalation attacks. The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data which allows a remote user to monitor the network and obtain potentially sensitive information in...

9.8 CVSS, 9.2 AI score, 0.03965 EPSS
Exploits: 0, References: 15, Affected Software: 2

Malwarebytes
added 2019/04/26 4:6 p.m., 54 views

GitHub hosted Magecart skimmer used against hundreds of e-commerce sites

Every day, new e-commerce websites fall into the hands of one of the many Magecart skimmers. Unbeknownst to shoppers, criminals are harvesting their personal information, including payment details in the online equivalent of ATM card skimming. Most often the skimming code—written in JavaScript an...

7.5 AI score
Exploits: 0

OPENSUSE Linux
added 2019/04/26 12:0 a.m., 96 views

Security update for kauth (moderate)

openSUSE Security Update: Security update for kauth Announcement ID: openSUSE-SU-2019:1277-1 Rating: moderate References: 1124863 Cross-References: CVE-2019-7443 Affected Products: openSUSE Backports SLE-15 An update that fixes one vulnerability is now available. Description: This update for kaut...

9.3 CVSS, 8 AI score, 0.0235 EPSS
Exploits: 0, References: 1

OPENSUSE Linux
added 2019/04/25 12:0 a.m., 119 views

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2019:1272-1 Rating: moderate References: 1132053 1132054 1132055 1132058 1132060 1132061 Cross-References: CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 Affected...

9.8 CVSS, 8.6 AI score, 0.0377 EPSS
Exploits: 4, References: 6

Veracode
added 2019/04/18 3:6 a.m., 18 views

Authorization Bypass

symfony/symfony is vulnerable to authorization bypass. A lack of validation in the X-HTTP-METHOD-OVERRIDE allows a remote attacker to override HTTP methods using a malicious value, which could lead to authorization bypass of firewall rules...

9.8 CVSS, 7.3 AI score, 0.01854 EPSS
Exploits: 0, References: 5, Affected Software: 2

Tenable Nessus
added 2019/04/17 12:0 a.m., 20 views

SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2019:0956-1)

This update for wget fixes the following issues : Security issue fixed : CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution bsc1131493. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

9.8 CVSS, 8.5 AI score, 0.05141 EPSS
Exploits: 0, References: 4