kdelibs and kde-settings security and bug fix update
kdelibs 6:4.14.8-11 - KConfig: malicious .desktop files would execute code Resolves: bz1740736 kde-settings 19-23.10.0.1 - Change GreetString bug 11710280 19-23.10 - Use correct tcsh syntax for config scripts Resolves: bz1738491...
A vulnerability in Microsoft XML (MSXML) syntax parsing in the Windows operating system allows an attacker to execute arbitrary code.
The vulnerability in Microsoft XML (MSXML) in the operating system stems from errors in restricting XML references to external objects. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary code via a specially crafted web page...
[SECURITY] Fedora 30 Update: nfdump-1.6.18-1.fc30
Nfdump is a set of tools to collect and process NetFlow data. It's fast and has a powerful pcap-like filter syntax. It supports NetFlow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA NSEL and CISCO NAT NEL devices which export event logging...
Security update for neovim (important)
openSUSE Security Update: Security update for neovim Announcement ID: openSUSE-SU-2019:1997-1 Rating: important References: 1137443 Cross-References: CVE-2019-12735 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update f...
WordPress crayon-syntax-highlighter plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. crayon-syntax-highlighter is a syntax highlighting plugin built using PHP and jQuery. A cross-site scripting...
Cross site scripting
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests...
CVE-2016-10893
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests...
CVE-2016-10893
The CVE-2016-10893 entry concerns the WordPress Crayon Syntax Highlighter plugin. Affected software: crayon-syntax-highlighter plugin for WordPress, prior to version 2.8.4. Root cause: multiple XSS (cross-site scripting) flaws exploitable via AJAX requests. Impact: client-side code execution risk...
DEBIAN-CVE-2018-20969
doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...
Code injection
doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...
CVE-2018-20969
doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...
CVE-2016-10805
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajaxmaketextsyntaxutil.pl SEC-109...
KDE 4/5 KDesktopFile Command Injection
https://zero.lol zero days 4 days Title: KDE 4/5 KDesktopFile Command Injection Date: July 28th 2019 Author: Dominik Penner / zer0pwn Vendor Homepage: https://kde.org/ Software Link: https://cgit.kde.org Version: 5.60.0 and below...
CVE-2018-20944
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test SEC-353...
CVE-2018-20911
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup SEC-359...
Code injection
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup SEC-359...
CVE-2019-14398
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajaxmaketextsyntaxutil.pl SEC-498...
SUSE SLED12 / SLES12 Security Update : spamassassin (SUSE-SU-2019:1961-1)
This update for spamassassin to version 3.4.2 fixes the following issues : Security issues fixed : CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails bsc1108745. CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users bsc1108748. CVE-2018-11780: Fixe...