
3242 matches found

RedHat Linux
added 2019/09/20 11:44 a.m. | 101 views

Important: Red Hat Security Advisory: qpid-proton security update

An update for qpid-proton is now available for Satellite Tools 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.4 CVSS | 6.8 AI score | 0.0615 EPSS
Exploits: 0 | References: 2
Citrix
added 2019/09/19 12:0 a.m. | 6 views

Upgrading to Storefront 3.12 CU4 fails - MSI logs shows Citrix Protocol Transition service exception

Attempting to upgrade Storefront 3.12 LTSR to CU4 fails. In the Install wizard the following message is displayed: When checking the MSI Installer logs the following exception is found NOTE: MSI logs are found in C:\Windows\Temp\Storefront\CitrixMsi-CitrixStoreFront-x64-201X.-xx-xx-xx.log...

7 AI score
Exploits: 0
RedHat Linux
added 2019/09/17 2:22 a.m. | 76 views

Important: Red Hat Security Advisory: qpid-proton security update

An update for qpid-proton is now available for Red Hat Satellite 6.3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.4 CVSS | 6.8 AI score | 0.0615 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2019/09/17 1:41 a.m. | 80 views

Important: Red Hat Security Advisory: qpid-proton security update

An update for qpid-proton is now available for Red Hat Satellite 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.4 CVSS | 6.8 AI score | 0.0615 EPSS
Exploits: 0 | References: 2
AlmaLinux
added 2019/09/10 3:32 p.m. | 35 views

Important: pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution...

5.9 CVSS | 1.2 AI score | 0.45205 EPSS
Exploits: 2 | References: 2
RedHat Linux
added 2019/09/04 12:15 p.m. | 89 views

Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.2 CVSS | 7.3 AI score | 0.26048 EPSS
Exploits: 0 | References: 2
OSV
added 2019/08/20 5:15 a.m. | 2 views

CVE-2019-15227

FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions...

6.1 CVSS | 6.4 AI score | 0.00826 EPSS
Exploits: 1 | References: 1
NVD
added 2019/08/20 12:15 a.m. | 17 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

8.8 CVSS | 8.6 AI score | 0.00709 EPSS
Exploits: 1 | References: 2
OSV
added 2019/08/20 12:15 a.m. | 11 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

8.8 CVSS | 7 AI score
Exploits: 0 | References: 2
Prion
added 2019/08/20 12:15 a.m. | 9 views

Cross site request forgery (csrf)

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

6.8 CVSS | 8.5 AI score | 0.00709 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2019/08/19 11:29 p.m. | 107 views

CVE-2019-15229

FUEL CMS 1.4.4 is affected by a CSRF flaw in the Admin console’s blocks/create/Create Blocks section. The vulnerability allows an attacker to trick an administrator into executing arbitrary code by requesting a crafted HTML page. Root cause: CSRF in the blocks/create path. Impact is described as ...

8.8 CVSS | 8.6 AI score | 0.00709 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2019/08/15 5:31 p.m. | 50 views

ALSA-2019:2511 Important: mysql:8.0 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql 8.0.17. Security Fixes: mysql: Server: Replication multiple unspecified vulnerabilities...

7.1 CVSS | 7.8 AI score | 0.04457 EPSS
Exploits: 0 | References: 100
CVE
added 2019/08/12 2:58 p.m. | 48 views

CVE-2017-18506

CVE-2017-18506 affects the WordPress plugin woocommerce-pdf-invoices-packing-slips (before 2.0.13). The vulnerability is an XSS flaw triggered via the tab or section variable on the plugin’s settings screens. Public documentation consistently identifies this as a client-side script execution risk...

6.1 CVSS | 6 AI score | 0.00922 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Schneier on Security
added 2019/08/12 11:14 a.m. | 61 views

Evaluating the NSA's Telephony Metadata Program

Interesting analysis: "Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended?" by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversi...

0.6 AI score
Exploits: 0
RedHat Linux
added 2019/08/07 1:12 p.m. | 141 views

Important: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 7.6 AI score | 0.03219 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2019/08/07 11:39 a.m. | 105 views

Important: Red Hat Security Advisory: procps-ng security update

An update for procps-ng is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...

7.8 CVSS | 6.8 AI score | 0.01834 EPSS
Exploits: 5 | References: 2
NVD
added 2019/07/27 7:15 p.m. | 22 views

CVE-2019-14295

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

5.5 CVSS | 5.5 AI score | 0.015 EPSS
Exploits: 1 | References: 3
OSV
added 2019/07/27 7:15 p.m. | 25 views

CVE-2019-14295

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

5.5 CVSS | 6.9 AI score
Exploits: 0 | References: 3
UbuntuCve
added 2019/07/27 7:15 p.m. | 20 views

CVE-2019-14295

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

5.5 CVSS | 6.9 AI score | 0.015 EPSS
Exploits: 1 | References: 4
Prion
added 2019/07/27 7:15 p.m. | 22 views

Integer overflow

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

4.3 CVSS | 5.6 AI score | 0.015 EPSS
Exploits: 1 | References: 3 | Affected Software: 1