8275 matches found
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1813)
This update for MozillaThunderbird version 60.8 fixes the following issues : Security issues fixed : - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. - CVE-2019-11712:...
CVE-2019-14680
The admin-renamer-extended aka Admin renamer extended plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF...
CVE-2019-10344
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
Design/Logic Flaw
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
PT-2019-6111 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.6.6 Description: The issue allows remote command execution as root. It requires access to the server as the nagios user or access as the admin user via the web interface. The getprofile.sh script is executed as...
SUSE-SU-2019:1961-1 Security update for spamassassin
This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails bsc1108745. - CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users bsc1108748. - CVE-2018-11780:...
CVE-2019-11712
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Cross site request forgery (csrf)
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Security update for neovim (important)
openSUSE Security Update: Security update for neovim Announcement ID: openSUSE-SU-2019:1796-1 Rating: important References: 1137443 Cross-References: CVE-2019-12735 Affected Products: openSUSE Backports SLE-15 An update that fixes one vulnerability is now available. Description: This update for...
EulerOS 2.0 SP2 : gstreamer1-plugins-base (EulerOS-SA-2019-1738)
According to the version of the gstreamer1-plugins-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server,...
Updated thunderbird packages fix security vulnerability
Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...
Improper Access Control
stapler web framework is vulnerable to Improper Access Control. The UI views are frequently comprised of several view fragments, enabling plugins to extend existing views with more content. This vulnerability allows an attacker to directly access a view fragment containing sensitive information,...
SUSE-SU-2019:14124-1 Security update for MozillaFirefox
This update for MozillaFirefox to version ESR 60.8 fixes the following issues: Security issues fixed: - CVE-2019-9811: Sandbox escape via installation of malicious language pack bsc1140868. - CVE-2019-11711: Script injection within domain through inner window reuse bsc1140868. - CVE-2019-11712:...
Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
OPENSUSE-SU-2019:1702-1 Security update for monitoring-plugins
This update adds monitoring-plugins to PackageHub 15, for use by various monitoring solutions...
Security update for monitoring-plugins (moderate)
openSUSE Security Update: Security update for monitoring-plugins Announcement ID: openSUSE-SU-2019:1702-1 Rating: moderate References: 1132350 1132903 1133107 498669 519240 640367 677711 778970 789428 847229 859105 914486 Cross-References: CVE-2007-5623 Affected Products: openSUSE Backports SLE-1...
Fedora Update for dovecot FEDORA-2019-1b61a528dd
The remote host is missing an update for the...