Debian: Security Advisory (DLA-2208-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVE-2020-11026

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVE-2020-11026 Specially crafted filenames in WordPress leading to XSS

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previousl...

CVE-2020-11026

CVE-2020-11026 affects WordPress; vulnerable in affected versions where uploading files with specially crafted names to Media can trigger script execution when the file is accessed. The issue requires an authenticated user with upload privileges. A patch was issued in WordPress 5.4.1, and all pre...

pcp: Local privilege escalation in pcp spec file %post section

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 For more details about the security issues, including the...

RLSA-2020:1931 Important: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 For more details about the security issues, including the...

container-tools:2.0 security update

An update is available for udica, toolbox, python-podman-api, slirp4netns, containernetworking-plugins, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

openssl-pkcs11 bug fix and enhancement update

An update is available for openssl-pkcs11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

diffutils bug fix and enhancement update

An update is available for diffutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterpri...

pigz bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

PHP-Fusion 9.03.50 Arbitrary File Upload

Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...

PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload

Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...

CVE-2019-8359

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c...

Low: Red Hat Security Advisory: OpenShift Container Platform 4.1.41 security update

Red Hat OpenShift Container Platform release 4.1.41 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which give...

Important: Red Hat Security Advisory: qemu-kvm-ma security update

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.3.13 runc security update

An update for runc is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

EulerOS 2.0 SP3 : libdwarf (EulerOS-SA-2020-1398)

According to the versions of the libdwarf package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service progr...