3370 matches found

OpenVAS
added 2019/05/11 12:0 a.m., 73 views

Fedora Update for mod_cluster FEDORA-2019-17556e2ad6

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6
Exploits 0 | References 2

IBM Security Bulletins
added 2019/05/10 9:5 a.m., 29 views

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2019-4259)

Summary A security vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements CVE-2019-4259 Vulnerability Details Deployments with protocol access metho...

CVSS 5.5 | AI score 1 | EPSS 0.00353
Exploits 0 | Affected Software 1

Fedora
added 2019/05/10 2:23 a.m., 48 views

[SECURITY] Fedora 29 Update: mod_cluster-1.3.11-1.fc29

Mod_cluster is an httpd-based load balancer. Like mod_jk and mod_proxy, mod_cluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike mod_jk and mod_proxy, mod_cluster leverages an additional connection between the application server nodes a...

CVSS 7.5 | AI score 6.2 | EPSS 0.04692
Exploits 0

Tenable Nessus
added 2019/05/10 12:0 a.m., 13 views

PCI DSS Compliance - Information Leakage

The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide version 3.1. These information leakage issues include one or more of the following : - Detaile...

AI score 0.5
Exploits 0 | References 1

OPENSUSE Linux
added 2019/05/10 12:0 a.m., 301 views

Security update for webkit2gtk3 (important)

openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2019:1374-1 Rating: important References: 1132256 Cross-References: CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8518 CVE-2019-8523...

CVSS 9.3 | AI score 6.9 | EPSS 0.18172
Exploits 4 | References 1

OPENSUSE Linux
added 2019/05/09 12:0 a.m., 151 views

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2019:1355-1 Rating: moderate References: 1132053 1132054 1133202 1133203 1133498 1133501 Cross-References: CVE-2019-11008 CVE-2019-11009 CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 Affected...

CVSS 8.8 | AI score 8.4 | EPSS 0.0377
Exploits 4 | References 6

OPENSUSE Linux
added 2019/05/08 12:0 a.m., 106 views

Security update for hostinfo, supportutils (important)

openSUSE Security Update: Security update for hostinfo, supportutils Announcement ID: openSUSE-SU-2019:1351-1 Rating: important References: 1054979 1099498 1115245 1117751 1117776 1118460 1118462 1118463 1125623 1125666 Cross-References: CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639...

CVSS 7.8 | AI score 6.8 | EPSS 0.00503
Exploits 0 | References 10

OpenVAS
added 2019/05/07 12:0 a.m., 53 views

Debian: Security Advisory (DLA-1778-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.8 | EPSS 0.05491
Exploits 1 | References 7

Veracode
added 2019/05/02 6:30 a.m., 21 views

Denial Of Service (DoS)

CloudForms Management Engine (cfme) is vulnerable to denial of service (DoS) attacks. An attacker is able to execute arbitrary methods via filtering on VMs that MiqExpression will execute, triggerable by API users. An attacker could use this flaw to crash the application...

CVSS 8.8 | AI score 8.6 | EPSS 0.01703
Exploits 0 | References 217 | Affected Software 5

Veracode
added 2019/05/02 6:9 a.m., 22 views

Privilege Escalation

Firefox is vulnerable to privilege escalation attacks. The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, which allows a remote user to monitor the network and obtain potentially sensitive information in...

CVSS 9.8 | AI score 9.2 | EPSS 0.03965
Exploits 0 | References 15 | Affected Software 2

Malwarebytes
added 2019/04/26 4:6 p.m., 54 views

GitHub hosted Magecart skimmer used against hundreds of e-commerce sites

Every day, new e-commerce websites fall into the hands of one of the many Magecart skimmers. Unbeknownst to shoppers, criminals are harvesting their personal information, including payment details in the online equivalent of ATM card skimming. Most often the skimming code—written in JavaScript an...

AI score 7.5
Exploits 0

OPENSUSE Linux
added 2019/04/26 12:0 a.m., 96 views

Security update for kauth (moderate)

openSUSE Security Update: Security update for kauth Announcement ID: openSUSE-SU-2019:1277-1 Rating: moderate References: 1124863 Cross-References: CVE-2019-7443 Affected Products: openSUSE Backports SLE-15 An update that fixes one vulnerability is now available. Description: This update for kaut...

CVSS 9.3 | AI score 8 | EPSS 0.0235
Exploits 0 | References 1

OPENSUSE Linux
added 2019/04/25 12:0 a.m., 119 views

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2019:1272-1 Rating: moderate References: 1132053 1132054 1132055 1132058 1132060 1132061 Cross-References: CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 Affected...

CVSS 9.8 | AI score 8.6 | EPSS 0.0377
Exploits 4 | References 6

Veracode
added 2019/04/18 3:6 a.m., 18 views

Authorization Bypass

symfony/symfony is vulnerable to authorization bypass. A lack of validation in the X-HTTP-METHOD-OVERRIDE allows a remote attacker to override HTTP methods using a malicious value, which could lead to authorization bypass of firewall rules...

CVSS 9.8 | AI score 7.3 | EPSS 0.01854
Exploits 0 | References 5 | Affected Software 2

Tenable Nessus
added 2019/04/17 12:0 a.m., 20 views

SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2019:0956-1)

This update for wget fixes the following issues : Security issue fixed : CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

CVSS 9.8 | AI score 8.5 | EPSS 0.05141
Exploits 0 | References 4

OPENSUSE Linux
added 2019/04/16 12:0 a.m., 148 views

Security update for clamav (important)

openSUSE Security Update: Security update for clamav Announcement ID: openSUSE-SU-2019:1210-1 Rating: important References: 1130721 Cross-References: CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now available...

CVSS 7.5 | AI score 7.3 | EPSS 0.01839
Exploits 2 | References 1

OPENSUSE Linux
added 2019/04/16 12:0 a.m., 144 views

Security update for SDL (moderate)

openSUSE Security Update: Security update for SDL Announcement ID: openSUSE-SU-2019:1213-1 Rating: moderate References: 1124799 1124800 1124802 1124803 1124805 1124806 1124824 1124825 1124826 1124827 1125099 Cross-References: CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576...

CVSS 8.8 | AI score 7 | EPSS 0.03299
Exploits 11 | References 11

RedHat Linux
added 2019/04/09 5:27 p.m., 3 views

katello-installer-base: QMF methods exposed to goferd via qdrouterd

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...

CVSS 8 | AI score 5.8 | EPSS 0.00692
Exploits 0 | References 4

RedHat Linux
added 2019/04/09 5:27 p.m., 41 views

Important: Red Hat Security Advisory: katello-installer-base security and enhancement update

An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.2 for RHEL 6 and Red Hat Satellite 6.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVS...

CVSS 8 | AI score 7.3 | EPSS 0.00692
Exploits 0 | References 2

RedHat Linux
added 2019/04/09 5:23 p.m., 2 views

katello-installer-base: QMF methods exposed to goferd via qdrouterd

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...

CVSS 8 | AI score 5.8 | EPSS 0.00692
Exploits 0 | References 4