ruby security update

2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...

CVE-2015-0203

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service daemon crash via an AMQP message with 1 an invalid range in a sequence set, 2 content-bearing methods other than message-transfer, or 3 a session-gap control before a corresponding...

UBUNTU-CVE-2015-0203

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service daemon crash via an AMQP message with 1 an invalid range in a sequence set, 2 content-bearing methods other than message-transfer, or 3 a session-gap control before a corresponding...

Design/Logic Flaw

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service daemon crash via an AMQP message with 1 an invalid range in a sequence set, 2 content-bearing methods other than message-transfer, or 3 a session-gap control before a corresponding...

CVE-2015-0203

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service daemon crash via an AMQP message with 1 an invalid range in a sequence set, 2 content-bearing methods other than message-transfer, or 3 a session-gap control before a corresponding...

Information disclosure

In Knox SDS IAM Identity Access Management and EMM Enterprise Mobility Management 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container without the user's knowledge by inspecting network traffic from a Samsung server and injecting conten...

CCN-lite Integer Overflow Vulnerability

CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. An integer overflow vulnerability exists in the ndnparsesequence function in CCN-lite versions prior to 2.0.0. An attacker can exploit this vulnerability to cause an integer overflow via...

Important product update: Fixes for Meltdown and Spectre exploits in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 21 (6.0.12-3698)

Hotfix 21 for Virtuozzo 6.0 Update 12 provides fixes for Meltdown and Spectre exploits in virtual machines as well as stability and usability bug fixes. NOTE: For clusters with CPU pools, follow the instructions at https://help.virtuozzo.com/customer/en/portal/articles/2919459. Vulnerability id:...

CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...

CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c...

CVE-2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name...

CVE-2017-17662

Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more zero or more for the second pattern of either \ or ..\ -- for example a '../',...

RedHat Update for qemu-kvm RHSA-2018:0024-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2017-0482 Updated ruby-RubyGems packages fix security vulnerabilities

An ANSI escape sequence vulnerability CVE-2017-0899. A DoS vulnerability in the query command CVE-2017-0900. A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files CVE-2017-0901. A DNS request hijacking vulnerability CVE-2017-0902. An unsafe object...

CVE-2017-6134

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash...

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

Fluentd vulenrable to escape sequence injection

Overview Fluentd provided by Cloud Native Computing Foundation CNCF contains an escape sequence injection vulnerability. Fluentd is an open source data collector provided by Cloud Native Computing Foundation CNCF. The parse Filter Plugin for Fluentd contains an escape sequence injection...

Escape Sequence Injection

Fluentd is vulnerable to escape sequence injection attacks. User input is pushed directly to the logs without filtering, allowing an attacker to change the terminal UI or execute commands on the device parsing the logs...

Design/Logic Flaw

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...