
3370 matches found

OPENSUSE Linux
added 2021/07/12 12:0 a.m. | 22 views

Security update for dbus-1 (important)

openSUSE Security Update: Security update for dbus-1 Announcement ID: openSUSE-SU-2021:2292-1 Rating: important References: 1187105 Cross-References: CVE-2020-35512 CVSS scores: CVE-2020-35512 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35512 SUSE: 7...

CVSS 7 | AI score 7.1 | EPSS 0.00331
Exploits: 0 | References: 1

OPENSUSE Linux
added 2021/07/11 12:0 a.m. | 24 views

Security update for arpwatch (important)

openSUSE Security Update: Security update for arpwatch Announcement ID: openSUSE-SU-2021:2177-1 Rating: important References: 1186240 Cross-References: CVE-2021-25321 CVSS scores: CVE-2021-25321 SUSE: 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Leap 15.3 An update...

CVSS 7.7 | AI score 7.7 | EPSS 0.00441
Exploits: 1 | References: 1

OPENSUSE Linux
added 2021/07/10 12:0 a.m. | 19 views

Security update for libass (moderate)

openSUSE Security Update: Security update for libass Announcement ID: openSUSE-SU-2021:1664-1 Rating: moderate References: 1184153 Cross-References: CVE-2020-24994 CVSS scores: CVE-2020-24994 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 An update th...

CVSS 6.5 | AI score 8.3 | EPSS 0.02628
Exploits: 0 | References: 1

OPENSUSE Linux
added 2021/07/10 12:0 a.m. | 41 views

Security update for graphviz (critical)

openSUSE Security Update: Security update for graphviz Announcement ID: openSUSE-SU-2021:1651-1 Rating: critical References: 1185833 Cross-References: CVE-2020-18032 CVSS scores: CVE-2020-18032 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-18032 SUSE: 9.8...

CVSS 9.8 | AI score 7.5 | EPSS 0.02618
Exploits: 1 | References: 1

OPENSUSE Linux
added 2021/07/09 12:0 a.m. | 33 views

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:1014-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...

CVSS 6.1 | AI score 6.9 | EPSS 0.32365
Exploits: 3 | References: 3

IBM Security Bulletins
added 2021/07/08 9:30 p.m. | 44 views

Security Bulletin: Eclipse OpenJ9 jio_snprintf() and jio_vsnprintf() buffer overflow and

Summary: In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf and jio_vsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. And This...

CVSS 9.8 | AI score 0.3 | EPSS 0.02744
Exploits: 1 | Affected Software: 1

Microsoft KB
added 2021/07/07 12:0 a.m. | 453 views

KB5005112: Servicing stack update for Windows 10, version 1809: August 10, 2021

KB5005112: Servicing stack update for Windows 10, version 1809: August 10, 2021 Important: Windows 10, version 1809 reached end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer be offered...

AI score 6.6
Exploits: 0

OPENSUSE Linux
added 2021/07/05 12:0 a.m. | 21 views

Security update for clamav-database (important)

openSUSE Security Update: Security update for clamav-database Announcement ID: openSUSE-SU-2021:2242-1 Rating: important References: 1084929 Affected Products: openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This update for clamav-database fixes the...

AI score 7.3
Exploits: 0

OPENSUSE Linux
added 2021/06/30 12:0 a.m. | 35 views

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2021:0942-1 Rating: important References: 1180399 1187706 1187707 Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730 CVSS scores: CVE-2020-18670 NVD : 5.4...

CVSS 6.1 | AI score 6.9 | EPSS 0.32365
Exploits: 3 | References: 3

RedHat Linux
added 2021/06/29 4:24 p.m. | 1 views

ruby: Code injection via command argument of Shell#test / Shell#[]

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVSS 8.1 | AI score 7.4 | EPSS 0.04221
Exploits: 1 | References: 4

OSV
added 2021/06/11 4:15 p.m. | 0 views

UBUNTU-CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or...

CVSS 7.5 | AI score 6.8 | EPSS 0.04808
Exploits: 1 | References: 5

ThreatPost
added 2021/06/11 2:23 p.m. | 58 views

Monumental Supply-Chain Attack on Airlines Traced to State Actor

A monster cyberattack on SITA, a global IT provider for 90 percent of the world’s airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history. The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentiall...

AI score 0.7
Exploits: 0 | References: 9

OpenVAS
added 2021/06/09 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2017:0426-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.3 | EPSS 0.33434
Exploits: 16 | References: 14

Microsoft KB
added 2021/06/08 7:0 a.m. | 43 views

Description of the security update for Office 2016: June 8, 2021 (KB5001951)

Description of the security update for Office 2016: June 8, 2021 (KB5001951). Summary: This security update resolves a Microsoft Excel Remote Code Execution Vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-31939. Note: To apply this...

CVSS 7.8 | AI score 7.5 | EPSS 0.13337
Exploits: 0

Kitploit
added 2021/06/03 12:30 p.m. | 71 views

403Fuzzer - Fuzz 403/401Ing Endpoints For Bypasses

Fuzz 403ing endpoints for bypasses. Follow on twitter! @intrudir. This tool will check the endpoint with a couple of headers such as X-Forwarded-For. It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path, e.g. /%2e/test/test2...

AI score 7.4
Exploits: 0 | References: 2

OPENSUSE Linux
added 2021/06/03 12:0 a.m. | 21 views

Security update for inn (moderate)

openSUSE Security Update: Security update for inn Announcement ID: openSUSE-SU-2021:0830-1 Rating: moderate References: 1182321 Cross-References: CVE-2021-31998 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for inn fixes th...

CVSS 7.8 | AI score 7.4 | EPSS 0.00318
Exploits: 1 | References: 1

Microsoft KB
added 2021/06/02 12:0 a.m. | 37 views

July 13, 2021 Public preview security update (KB5004243)

July 13, 2021 Public preview security update (KB5004243). Improvements and fixes: This public preview security update includes quality improvements. Key changes include: Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more...

CVSS 9 | AI score 7.9 | EPSS 0.13794
Exploits: 0

CNNVD
added 2021/06/01 12:0 a.m. | 3 views

Apache Dubbo Code Issue Vulnerability

Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Foundation (United States). The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A deserialization vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.04197
Exploits: 0 | References: 2

Hacker One
added 2021/05/29 9:31 p.m. | 16 views

Showmax: xmlrpc.php is publicly available at https://stories.showmax.com/xmlrpc.php

Summary: Greetings @Showmax, I found an xmlrpc.php file on https://stories.showmax.com; it's publicly available and it accepts POST requests. Description: Your site is a WordPress-based site. xmlrpc.php is a file that is intended to make API calls between hosts; if it's enabled on a WordPress sit...

AI score 7
Exploits: 0

Prion
added 2021/05/26 7:15 p.m. | 12 views

Code injection

redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host...

CVSS 5 | AI score 7.5 | EPSS 0.01104
Exploits: 0 | References: 2 | Affected Software: 1