304 matches found
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10759 via safer-eval (=1.2.3)
safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: - @pl-test/c =1.1.0, =1.1.1 - @pl-test/e =1.1.0 Source cves: CVE-2019-10759 Source advisory: OSV:GHSA-R3X4-WR4H-PW33...
Debian DLA-1926-1 : thunderbird security update
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message. For Debian 8 'Jessie', these...
SSDP Responder Buffer Overflow Vulnerability
SSDP Responder is an SSDP Simple Service Discovery Protocol daemon for the Linux platform. A buffer overflow vulnerability exists in ssdprecv in the ssdpd.c file in SSDP Responder versions 1.x through 1.5, which can be exploited by an attacker to cause a server crash...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation: Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. Prevent a denial-of-service...
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
CVE-2019-1010083
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
CVE-2019-1010083
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
Debian DLA-1820-1 : thunderbird security update
Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 'Jessie', these problems have been fixed in version 1:60.7.1-1deb8u1. We recommend that you upgrade your thunderbird packages. NOTE: Tenable...
[SECURITY] [DLA 1820-1] thunderbird security update
Package : thunderbird Version : 1:60.7.1-1deb8u1 CVE ID : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For Debian 8 "Jessie", these proble...
SAP HANA Extended Application Services Information Disclosure Vulnerability (CNVD-2019-34744)
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions to support users to query real-time business data query and analysis.Extended Application Services is an application server, Web server and SAP HANA System within the Web...
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1
May 22, 2019 Alexey Shabalin 1:2.9.9.0.52.f824-alt1 - v2.9.4-12-ge905f08 - v2.9.9-52-gf824a4bd fixes: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-5969, CVE-2018-14404, CVE-2018-9251, CVE-2018-14567...
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1
May 22, 2019 Alexey Shabalin 1:2.9.9.0.52.f824-alt1 - v2.9.4-12-ge905f08 - v2.9.9-52-gf824a4bd fixes: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-5969, CVE-2018-14404, CVE-2018-9251, CVE-2018-14567...
Confluence Server Remote Code Execution Vulnerability-vulnerability warning-the black bar safety net
Atlassian company for Confluence Server and Data Center products used in the widgetconnecter Assemblyversion Network Vine CRS/ARS products have full support for the vulnerability detection and verification, 网藤用户可直接登陆www.riskivy.com for verification. ! A, scope of impact Product Confluence Server...
[SECURITY] [DLA 1669-1] libreoffice security update
Package : libreoffice Version : 1:4.3.3-2+deb8u12 CVE ID : CVE-2018-16858 Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document. For Debian 8 "Jessie", this problem has been fixed in version...
Debian DSA-4385-1 : dovecot - security update
halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else...
PYSEC-2019-169
When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
Denial Of Service (DoS)
qemu-kvm is vulnerable to denial of service DoS attacks. The vulnerability exists through an integer overflow issue in the qcowopen function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service crash via a large L2 table in a QCOW version 1 image...
GHSA-96JQ-75WH-2658 Moderate severity vulnerability that affects apache axis
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services...
Security Bulletin: IBM Security Guardium is affected by a Bouncy Castle vulnerability
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-5382 DESCRIPTION: Bouncy Castle could allow a local attacker to obtain sensitive information, caused by an error in the BKS version 1 keystore files. By utilizing an HMAC that is only 16...
CVE-2018-11087
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...