CVE-2019-10171
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service...
brusselsjazzweekend.be Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-885239. Security Researcher Renzi, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting brusselsjazzweekend.be websit...
facade-sur-mesure.fr Cross Site Scripting vulnerability
Security Researcher Renzi, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting facade-sur-mesure.fr website and its users. Following...
ehs.uinta1.com Cross Site Scripting vulnerability
Security Researcher Medusa27 found a security vulnerability affecting ehs.uinta1.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bount...
qemu-kvm security update
0.12.1.2-2.506.el610.4 - kvm-target-i386-Sanitize-the-XSAVE-related-feature-bits.patch bz1673779 - kvm-slirp-check-sscanf-result-when-emulating-ident.patch bz1689790 - Resolves: bz1673779 RHEL8 VM's do not install on RHEL6 KVM hypervisor - Resolves: bz1689790 CVE-2019-9824 qemu-kvm: QEMU: Slirp:...
floraquatic.com Cross Site Scripting vulnerability
Security Researcher logindenied, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting floraquatic.com website and its users. Following...
customer.heavyhost.com.br Cross Site Scripting vulnerability
Security Researcher Renzi, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting customer.heavyhost.com.br website and its users. Following...
peterjacksons.com Cross Site Scripting vulnerability
Security Researcher calv1n, a holder of 12 badges for responsible and coordinated disclosure, found a security vulnerability affecting peterjacksons.com website and its users. Following...
Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)
A vulnerability was found in a previous version of mod_auth_mellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute...
PT-2019-2094
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Remote Desktop Services versions prior to patchday of May 2019: Windows 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2. Description: A remote code execution vulnerability exists in Remote...
Exploit for Improper Authentication in Ellucian Banner_Enterprise_Identity_Services
CVE-2019-8978 Improper Authentication CWE-287 in Ellucian...
PT-2019-2967 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6. Description: A double-free issue exists in the idr_remove_all function in lib/idr.c. This can be exploited by an unprivileged local attacker to potentially escalate privileges or cause a system crash, resulting in a...
About the security content of Xcode 10.2
This document describes the security content of Xcode 10.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Fedora 28 : glibc (2018-916dfe0d86)
This update ensures that valgrind works again without installing glibc debuginfo packages RHBZ1570246. It also addresses a security vulnerability in the mempcpy implementation for the Intel Xeon Phi processors CVE-2018-11237, RHBZ1581275. Furthermore, the switch to libidn2 uses the final upstream...
Fedora 29 : webkit2gtk3 (2018-a1f37d2f08)
This update addresses the following vulnerability: - CVE-2018-4345 This update brings the following changes: - Many improvements and fixes for video playback with media source extensions MSE, which improve the user experience across the board, and in particular for playback of WebM videos. - Fi...
PT-2018-2031 · Microsoft · Windows 10 Servers +12
Name of the Vulnerable Software and Affected Versions: Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Description: The issue is caused by the Windows...
Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability
The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain. The DDoS vulnerability, identified as...
SUSE-SU-2018:2778-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858 - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM...
SUSE-SU-2018:2563-1 Security update for spice
This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling bsc1104448 - CVE-2018-10893: Avoid buffer overflow on image lz checks bsc1101295...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Performance Management products
Summary: Multiple vulnerabilities in the Oracle Java SE and Java SE Embedded impact IBM SDK, Java Technology Edition. Vulnerability Details: CVEID: CVE-2018-2795 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could...