811 matches found
OPENSUSE-SU-2021:2637-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdo_firebase module (bsc#1188035). - CVE-2021-21705: Fixed SSRF bypass in FILTER_VALIDATE_URL (bsc#1188037)...
OPENSUSE-SU-2021:1091-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links fixed: Folder Pane display theme fixes for macOS fixed: Chat account settings did not always save as...
OPENSUSE-SU-2021:0973-1 Security update for libqt5-qtwebengine
This update for libqt5-qtwebengine fixes the following issues: Update to version 5.15.3 CVE fixes backported in chromium updates: - CVE-2020-16044: Use after free in WebRTC - CVE-2021-21118: Heap buffer overflow in Blink - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free i...
Advisory ROSA-SA-2021-1956
Software: procps-ng 3.3.10 OS: Cobalt 7.9 CVE-ID: CVE-2018-1126. CVE-Crit: CRITICAL. CVE-DESC: procps-ng before version 3.3.15 is vulnerable due to incorrect integer size in proc/alloc.*, which leads to truncation / integer overflow problems. This flaw is related to CVE-2018-1124. CVE-STATUS:...
Underflow problems occurring when a token has >18 decimals
Handle tensors Vulnerability details Impact The contracts assume that all tokens will have <=18 decimals. If the Tracer team are the only people deploying the contracts, and they keep this in mind, this isn't a problem. If the contracts are to be deployed by other people, this assumption should be...
Logic error in fee subtraction
Handle 0xsanson Vulnerability details Impact In LibBalances.applyTrade we need to collect a fee from the trade. The current code however subtracts a fee from the short position and adds it to the long. The correct implementation is to subtract a fee from both (see TracerPerpetualSwaps.sol#L272). This...
Hotfix XS82E025 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described in CTX316325 - Citrix Hypervisor Multiple Security Updates should install this hotfix. Information About this Hotfix Component | Details ---|---...
SUSE: Security Advisory (SUSE-SU-2019:1476-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
glib2 security and bug fix update
2.56.4-10 - Fix various problems in GMainContext Resolves: 1953553 - Fix CVE-2021-27219 Resolves: 1960600...
Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable
Sending its users to PayPal has created all sorts of problems that Twitter should have caught ahead of time...
Security fix for the ALT Linux 10 package samba version 4.14.4-alt1
April 30, 2021 Evgeny Sinelnikov 4.14.4-alt1 - Fix buffer overrun in sids_to_unixids (Fixes: CVE-2021-20254) - Final migration to /run directory (Closes: 35891, 36652, 39992) - Avoid build problems on e2k...
SUSE-SU-2021:1250-1 Security update for xen
This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431)...
SUSE: Security Advisory (SUSE-SU-2020:3255-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2019:1480-1)
The remote host is missing an update for the...
SUSE-SU-2021:0823-1 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP4)
This update for the Linux Kernel 4.12.14-9554 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - Fixed a...
PT-2021-14900 · Gitlab +1 · Gitlab Ce/Ee +2
Name of the Vulnerable Software and Affected Versions: Gitlab CE/EE versions 13.7 and later Description: The issue is related to the validation of certificates for the Fortinet OTP, which could result in authentication issues. Recommendations: For Gitlab CE/EE versions 13.7 and later, update to a...
Citrix Workspace App Assistance for Non-Admins
Click here to download Citrix Workspace App. You have been directed to this article because you have questions about or need assistance with Citrix Workspace app and you are NOT an administrator or technical contact for your organization. As a non-admin user of Citrix Workspace app, you must conta...
Arbitrary File Read Vulnerability in Ruijie EG Easy Gateway WEB Management System
Ruijie EasyGate is a multi-service integrated gateway product launched by Ruijie Networks to solve the current network egress problems. The WEB management system of Ruijie EG EasyGate has an arbitrary file reading vulnerability, which can be exploited by an attacker to log in a user with low...
PT-2021-16752 · Apport +2 · Apport +2
Name of the Vulnerable Software and Affected Versions: apport (affected versions not specified) Description: The issue concerns the get_pid_info function in the data/apport component, which fails to properly parse the /proc/pid/status file from the kernel. This parsing issue may lead to potential...
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...