Security update for uriparser (low)
openSUSE Security Update: Security update for uriparser Announcement ID: openSUSE-SU-2019:0171-1 Rating: low References: 1115722 1115723 1115724 1122193 Cross-References: CVE-2018-19198 CVE-2018-19199 CVE-2018-19200 CVE-2018-20721 Affected Products: openSUSE Backports SLE-15 An update that fixes...
Description of the security update for Office 2010: February 12, 2019
Description of the security update for Office 2010: February 12, 2019 Summary This security update resolves an information disclosure vulnerability that exists when Microsoft Excel incorrectly discloses the contents of its memory. To learn more about the information disclosure vulnerability, see...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...
Code injection
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf and jio_vsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code...
CVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf and jio_vsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2019:0132-1 Rating: important References: 1122983 Cross-References: CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now...
Security update for pdns-recursor (important)
openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2019:0107-1 Rating: important References: 1121889 Cross-References: CVE-2019-3807 Affected Products: openSUSE Backports SLE-15 An update that fixes one vulnerability is now available. Description: This update...
ResourceSpace 8.6 SQL Injection
Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
Security update for openssh (important)
openSUSE Security Update: Security update for openssh Announcement ID: openSUSE-SU-2019:0091-1 Rating: important References: 1121571 1121816 1121818 1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: openSUSE Leap 15.0 An update that fixes four...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2019:0068-1 Rating: important References: 1110279 1116998 Cross-References: CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261...
[SECURITY] Fedora 29 Update: syslog-ng-3.17.2-2.fc29
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages; work with any kind of unstructured data; receive and...
Security update for podofo (important)
openSUSE Security Update: Security update for podofo Announcement ID: openSUSE-SU-2019:0066-1 Rating: important References: 1023067 1023069 1023070 1023071 1023380 1027778 1027779 1027782 1027787 1032017 1032018 1032019 1035534 1035596 1037739 1075021 1075026 1075322 1075772 1084894...
Security update for gitolite (moderate)
openSUSE Security Update: Security update for gitolite Announcement ID: openSUSE-SU-2019:0054-1 Rating: moderate References: 1121570 Cross-References: CVE-2018-20683 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 openSUSE Backports SLE-15 An update that fixes one vulnerability is now...
Insecure Authentication
openssh uses insecure authentication. It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attac...
Denial Of Service (DoS)
qpid-cpp-mrg is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing...
SQL Injection In Query_methods
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls...
Denial Of Service (DoS)
freeradius is vulnerable to denial of service (DoS) attacks. The vulnerability exists as a stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly...
Security update for libraw (moderate)
openSUSE Security Update: Security update for libraw Announcement ID: openSUSE-SU-2019:0008-1 Rating: moderate References: 1097975 1103200 1103206 Cross-References: CVE-2018-5804 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 Affected Products: openSUSE Leap 15.0 An update that fixes four...
CVE-2018-6097
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...