378 matches found
Security Bulletin: Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF
Summary Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF: CVE-2011-1498 Vulnerability Details Apache HttpComponents Client CVE-2011-1498 Affected version: HttpClient 4.x before 4.1.1 Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an...
openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2018:2525-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for cgit (moderate)
This update for cgit fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off (boo#1103799) The following other changes were made: - Update to upstream release 1.2.1...
Security Bulletin: Vulnerability in Apache Commons affects Rational Directory Server Tivoli and Rational Directory Administrator (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by the Apache Software Foundation and incorporated into an IBM WebSphere Application Server Liberty fixes. Vulnerability Details IBM Rational Directory Server Tivoli and Rational Directory...
Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to a denial of service. (CVE-2017-5644)
Summary Open Source Apache Poi Vulnerability Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could...
Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure. (CVE-2017-1162)
Summary The product discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. Vulnerability Details CVEID: CVE-2017-1162 DESCRIPTION: IBM QRadar discloses sensitive information to unauthorized users. The information can be used to...
Security update for patch (important)
This update for patch fixes the following issues: Security issues fixed: - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type function in pch.c (bsc#1080918). - CVE-2016-10713: Fixed...
UBUNTU-CVE-2018-7184
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the mos...
[SECURITY] [DSA 4105-2] mpv security update
Debian Security Advisory DSA-4105-2 [email protected] https://www.debian.org/security/ February 08, 2018 https://www.debian.org/security/faq...
USN-3522-3 linux regression
USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown (CVE-2017-5754). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn...
openSUSE: Security Advisory for tboot (openSUSE-SU-2017:3100-1)
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : libcares2 (openSUSE-2017-58)
This update for libcares2 fixes the following issues : - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) This update was imported from the SUSE:SLE-12:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
shopify-scripts: Invalid memory access in `mrb_str_format`
Only affects mruby because mruby-engine doesn't have sprintf. I should have filed this last Friday before I went to the pub, so missed out on higher bounties. Oh well! Crash file is: sprintf("%1$c", 0) Crash is: $ lldb ./bin/mruby ../crash.rb (lldb) target create "./bin/mruby" Current executable set ...
DEBIAN-CVE-2016-9372
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects...
CentOS 7 : libpng12 (CESA-2015:2595)
Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available f...
Fedora 22 : python-httplib2-0.9-6.fc22 (2015-5503)
Add patch to fix http over proxy. Fixes bug 857514 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Risk of BREACH attack due to reflected parameter.
PMASA-2015-1 Announcement-ID: PMASA-2015-1 Date: 2015-03-04 Summary Risk of BREACH attack due to reflected parameter. Description With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack. Severity We consider this vulnerability to be non critical...
AuraCMS 3.0 Cross Site Scripting / Local File Inclusion
Exploit Title: AuraCMS 3.0 Multiple Vulnerabilities Date: 05/28/2014 Author: Mustafa ALTINKAYNAK Download URL :http://auracms.org/ Software Link: http://codeload.github.com/auracms/AuraCMS/zip/master Vuln Category: CWE-79 XSS - CWE-98 LFI Tested on: AuraCMS 3.0 Tested Local Platform : XAMP on...
CentOS 5 / 6 : xorg-x11-server (CESA-2013:1426)
Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Fedora 19 : nagstamon-0.9.9-9.fc19 (2013-12526)
Added patch for fix security hole in updates-checking mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...