OPENSUSE-SU-2019:2348-1 Security update for tcpdump

This update for tcpdump fixes the following issues: - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoeprint and lookupemem bsc1068716 bsc1153098. - CVE-2018-10103: Fixed a mishandling of the printing of SMB data bsc1153098. - CVE-2018-10105: Fixed a mishandling of the printing o...

Galaxy S10 Fingerprint Sensor Thwarted With Screen Protector: Report

UPDATE Samsung has acknowledged that anyone can bypass the Galaxy S10 fingerprint sensor using a third-party case after a woman alleged that a $3 smartphone screen protector allowed unauthorized users to dupe her Samsung Galaxy S10’s fingerprint recognition sensor – giving access to her phone and...

MGASA-2019-0255 Updated irssi packages fix security vulnerability

Updated irssi packages fix security vulnerability: Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP CVE-2019-15717...

Apple Releases iOS 12.4.1 Emergency Update to Patch 'Jailbreak' Flaw

Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you? Let's try it again... Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability, like it or not, that was initially patched by the company in iOS 12.3 b...

SUSE-SU-2019:2089-1 Security update for squid

This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials bsc1141329. - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials...

OPENSUSE-SU-2019:1766-1 Security update for webkit2gtk3

This update for webkit2gtk3 to version 2.24.2 fixes the following issues: Security issues fixed: - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608,...

High-Severity Cisco Flaw in IOS XE Enables Device Takeover

Cisco has patched a high-severity vulnerability in its software for routers and switches, which could enable a remote attacker to reconfigure or execute commands on impacted devices. IOS XE, a Linux-based version of Cisco’s Internetworking Operating System IOS, is software for Cisco routers and...

SUSE-SU-2019:1452-1 Security update for libvirt

This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS -...

Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected...

CVE-2019-1809

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

Design/Logic Flaw

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

CVE-2019-1808 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

CVE-2019-1808 Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

CVE-2019-1809

CVE-2019-1809 affects Cisco NX-OS Software. The vulnerability lies in the Image Signature Verification feature, due to improper verification of digital signatures for patch images. An authenticated, local attacker with administrator-level credentials could craft and load an unsigned patch, bypass...

CVE-2019-1809 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

CVE-2019-1809 Cisco NX-OS Software Patch Signature Verification Bypass Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...

SUSE-SU-2019:1215-1 Security update for python-Django1

This update for python-Django1 fixes the following issue: Security issue fixed: - CVE-2019-6975: Fixed memory exhaustion in django.utils.numberformat.format bsc1124991...

High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack

Cisco Systems has patched two high-severity vulnerabilities that can be exploited by remote unauthenticated adversaries to launch denial of service attacks. Impacted are Cisco’s TelePresence Video Communication Server and the company’s ASA 5500-X Series Firewalls. The vulnerability with the wides...

CVE-2019-1836

CVE-2019-1836 affects Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode. The issue is a symbolic link path traversal in the system shell caused by incorrect symbolic-link verification of directory paths, enabling an authenticated, local attacker with valid c...