15 matches found
Moderate: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.19 security, enhancement & bug fix update...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in CKEditor 4.19
Summary: Vulnerabilities have been identified in CKEditor 4.19, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details: CVEID: CVE-2024-24816 DESCRIPTION: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerabilit...
Important: Red Hat Security Advisory: RHTAS 1.2.1 - Red Hat Trusted Artifact Signer Release
The 1.2.1 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.2 The RHTAS Operator can be used with OpenShift Container Platform 4.15, 4.16, 4.17, 4.18...
Linux Distros Unpatched Vulnerability : CVE-2018-18281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the...
WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Aiden Thái An in WordPress Plugin Accessibility Suite versions <= 4.18...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form...
GSD-2022-1004359 ip: Fix data-races around sysctl_ip_fwd_update_priority.
ip: Fix data-races around sysctl_ip_fwd_update_priority. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.58 by commit...
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...
GSD-2021-1002693 sch_cake: do not call cake_destroy() from cake_init()
sch_cake: do not call cake_destroy() from cake_init(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.88 by commit...
UVI-2021-1002245 btrfs: fix memory ordering between normal and ordered work functions
btrfs: fix memory ordering between normal and ordered work functions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.218 by commit...
GSD-2021-1000742 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.194 by commit...
Kali Linux 2019.1 Released — Operating System For Hackers
Wohooo! Great news for hackers and penetration testers. Offensive Security has just released Kali Linux 2019.1, the first 2019 version of its Swiss army knife for cybersecurity professionals. The latest version of Kali Linux operating system includes kernel up to version 4.19.13 and patches for...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1)
This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release: New browser engine with speed improvements; Redesigned graphical user interface elements; Unified address and search bar for new installations; New tab page listing top visite...
Arista EOS Mlag agent denial of service vulnerability
Arista EOS is a suite of modular operating systems from Arista Networks, Inc. that provide the foundation platform for next-generation data center and cloud networking business requirements. mlag agent is one of the Mlag agents. A security vulnerability exists in the Mlag agent in Arista EOS...
Alice Modem 1111 Cross Site Scripting / Denial Of Service
German ISP 'Alice' has been shipping custom embedded devices (DSL modems/routers etc.) for the past few years. Their first self-branded DSL modem, Alice Modem 1111, using firmware version 4.19, is prone to at least the following two security vulnerabilities after it has passed initial configuration...