44 matches found
Fedora 37 : trafficserver (2022-62b61a8542)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-62b61a8542 advisory. Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743 Tenable has extracted the preceding description block directly from the...
Amazon Linux AMI : kernel (ALAS-2024-1951)
The version of kernel installed on the remote host is prior to 4.14.350-188.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1951 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function...
MGASA-2024-0321 Updated chromium-browser-stable packages fix security vulnerabilities
Use after free in Downloads. CVE-2024-6988 Use after free in Loader. CVE-2024-6989 Use after free in Dawn. CVE-2024-6991 Heap buffer overflow in Layout. CVE-2024-6994 Inappropriate implementation in Fullscreen. CVE-2024-6995 Race in Frames. CVE-2024-6996 Use after free in Tabs. CVE-2024-6997 Use...
RHSA-2016:0506 Red Hat Security Advisory: python-django security update
Bulletin has no description...
SUSE-SU-2022:14887-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. bsc1107874 - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. bsc1107874 - CVE-2018-17540: Fixed insufficient input...
SUSE-SU-2022:0135-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal bsc951562. - CVE-2015-9261: Fixed segfaults and application crashes in huftbuild bsc1102912. - CVE-2016-2147: Fixed out of bounds write heap due to integer underflow in udhcpc bsc970663. -...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.15.0: Encrypt LDAP bind password in db with SECRET_KEY 15547 Remove random password in Dockerfiles 15362 Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 16590 16606 Correctly create of git-daemon-export-ok files 16508 16514 Don't sho...
Security update for jasper (moderate)
openSUSE Security Update: Security update for jasper Announcement ID: openSUSE-SU-2020:1517-1 Rating: moderate References: 1010979 1010980 1020451 1020456 1020458 1020460 1045450 1057152 1088278 1114498 1115637 1117328 1120805 1120807 Cross-References: CVE-2016-9398 CVE-2016-9399 CVE-2017-14132...
SUSE-SU-2020:1709-2 Security update for mercurial
This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos bsc1133035...
bolsadevaloresaovivo.com.br Cross Site Scripting vulnerability
Security Researcher geeknik, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting bolsadevaloresaovivo.com.br website and its users. Followi...
budakesziiranytu.hu Cross Site Scripting vulnerability
Security Researcher g0bl1nsec, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting budakesziiranytu.hu website and its users. Following...
MGASA-2018-0378 Updated ghostscript packages fix security vulnerabilities
Updated ghostscript packages fix several security vulnerabilities including: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files CVE-2018-15908. In Artifex Ghostscript 9.23 before 2018-08-24, a typ...
MGASA-2015-0068 Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: It was reported that a crafted diff file can make patch eat memory and later segfault CVE-2014-9637. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could...
RHEL 5 : ntp (RHSA-2014:2025)
Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Oracle Linux 5 : kernel (ELSA-2014-0285)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0285 advisory. - ipc change refcount to atomic_t Phillip Lougher 1024866 1024868 CVE-2013-4483 - s390 qeth: buffer overflow in snmp ioctl Jacob Tanenbaum 1034402 10344...
Blog:CMS 4.2.1b - SQL Injection Cross-Site Scripting
Blog:CMS 4.2.1b - SQL Injection Cross-Site Scripting Digital Security Research Group DSecRG Advisory DSECRG-08-003 Application: Blogcms Versions Affected: Blogcms 4.2.1b Vendor URL: http://blogcms.com/ Bugs: SQL Injections, SiXSS, XSS Exploits: YES Reported: 15.01.2008 Vendor response: 16.01.2008...
RHEL 2.1 / 3 : cvs (RHSA-2004:004)
Updated cvs packages closing a vulnerability that could allow cvs to attempt to create files and directories in the root file system are now available. CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a...
Important: Red Hat Security Advisory: bind security update
Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of service DoS attack vulnerability. Various versions of the ISC BIND resolver libraries are vulnerable to a buffer overflow attack. ISC BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocol...
[RHSA-2000:114-03] ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH
Red Hat, Inc. Security Advisory Synopsis: ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH Advisory ID: RHSA-2000:114-03 Issue date: 2000-11-22 Updated on: 2000-11-22 Product: Red Hat Linux Keywords:...