Files

Debian Security Advisory 4596-1
Posted Dec 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4596-1 - Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2018-11784, CVE-2018-8014, CVE-2019-0199, CVE-2019-0221, CVE-2019-12418, CVE-2019-17563
SHA-256 | 6ebceaf0d89b2cfd7371e7b66dc4d0a44198b1bc2430ecc38e1dec0541185915
Debian Security Advisory 4595-1
Posted Dec 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4595-1 - It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3467
SHA-256 | 82061cfc85edebc357e70e88bef1a28092a77d75e58404c34d56e60eb1d2f284
Debian Security Advisory 4594-1
Posted Dec 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4594-1 - Guido Vranken discovered an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2019-1551
SHA-256 | a39d0cc9a81c74129e5f00871afb245984b1984fc1e3bd6c3edaaa4475432379
Debian Security Advisory 4593-1
Posted Dec 27, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4593-1 - It was found that freeimage, a graphics library, was affected by heap buffer overflow and stack exhaustion vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, debian
advisories | CVE-2019-12211, CVE-2019-12213
SHA-256 | 4ebdd4858626576870687736dfb6bbf6dc59bf2ac9dcf517ef5a2dd786183e7b
Debian Security Advisory 4592-1
Posted Dec 27, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4592-1 - It was discovered that the Title blacklist functionality in MediaWiki, a website engine for collaborative work, could be bypassed.

tags | advisory
systems | linux, debian
advisories | CVE-2019-19709
SHA-256 | bb20c7cf79bcabae820f69665eb8d16f0f0eb6ff267718a901d2578df8890394
Debian Security Advisory 4591-1
Posted Dec 26, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4591-1 - Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the library.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2019-19906
SHA-256 | 4db92c809e74e626ad26cbe38cd7f796e781962de618ac889bc9c491e03a3624
Slackware Security Advisory - tigervnc Updates
Posted Dec 26, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New tigervnc packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 3761322629c9c5cd98ffac11bc9c7d21c77149de443b8fc3a1a74626a8aca9e2
Slackware Security Advisory - openssl Updates
Posted Dec 26, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-1551
SHA-256 | ac183b8e752e5f00b1fc5cc6180eb2594a11d4d02915f3992ca665a26a46e860
CA Client Automation 14.x Privilege Escalation
Posted Dec 25, 2019
Authored by Kevin Kotas, Andrew Hess | Site www3.ca.com

A vulnerability exists in CA Client Automation that can allow a local attacker to gain escalated privileges. CA published solutions to address the vulnerability and recommends that all affected customers implement the applicable solution. The vulnerability, CVE-2019-19231, occurs due to insecure file access by the agent services. A local attacker may exploit this vulnerability to execute arbitrary commands with escalated privileges on an installation of the Client Automation agent. The Windows agent in CA Client Automation versions 14.0, 14.1, 14.2, and 14.3 is affected.

tags | advisory, arbitrary, local
systems | windows
advisories | CVE-2019-19231
SHA-256 | f83b28b09c7c76554eda487fcb8f48e6c31754eb1815d5deca6571ca3cc74d47
Red Hat Security Advisory 2019-4361-01
Posted Dec 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4361-01 - A library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-18397
SHA-256 | 8fb50e20295bd9ecc4cbcc8d48352c1e7358fa6fbaaf0d25dbdbee7024c335c5
Red Hat Security Advisory 2019-4360-01
Posted Dec 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4360-01 - The libyang package provides a library for YANG data modeling language. libyang is a YANG data modelling language parser and toolkit written in C. The library is used e.g. in libnetconf2, Netopeer2, sysrepo and FRRouting projects. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2019-19333, CVE-2019-19334
SHA-256 | be3166a5b5988a969e5b240bb3ab3ef561a9e2a0ed082e45d7449b9601d02f95
Debian Security Advisory 4590-1
Posted Dec 21, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4590-1 - It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if "fileinto" was used, bypassing ACL checks.

tags | advisory, imap
systems | linux, debian
advisories | CVE-2019-19783
SHA-256 | 7499dbe419697acfe2027ceca0aba6b752a7e8780a14c7275faefccefb192664
Red Hat Security Advisory 2019-4344-01
Posted Dec 21, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4344-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-12155, CVE-2019-14378
SHA-256 | e11ac502d606e1134718d23388fd9668d8b17fde716bcede8c211a3ae676b634
Slackware Security Advisory - wavpack Updates
Posted Dec 20, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540, CVE-2018-19840, CVE-2018-19841, CVE-2018-6767, CVE-2018-7253, CVE-2018-7254
SHA-256 | 9cefb5e15aa67fbfa341c9f107fa051a63541401c64efa56a9eaf3dd2adda9cd
Atlassian Confluence Man-In-The-Middle
Posted Dec 20, 2019
Authored by Atlassian

Atlassian Confluence suffers from a man-in-the-middle vulnerability. Versions affected include the 6.x.x and 7.x.x releases.

tags | advisory
advisories | CVE-2019-15006
SHA-256 | 210e5ceb62fd144e2e3a8982f12780c0009868a791ee1c6d03db5bed99a58027
Red Hat Security Advisory 2019-4237-01
Posted Dec 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4237-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass and man-in-the-middle vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2019-14845
SHA-256 | 3ef3ef43c36441eb0a3d42185d73d3c7abdeea9f1d0fa06b1391b2681245eed3
Red Hat Security Advisory 2019-4358-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4358-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. An issue was addressed where the credentials API allowed non-admin users to list and retrieve all users' credentials.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19687
SHA-256 | 8d64a15f8acd37509d405de1e4329f96f3110df713ea6216a2650682dc3e0346
Red Hat Security Advisory 2019-4356-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4356-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1387
SHA-256 | 75b2c23f16e2c56c47dd13c644fc7c0898bd6dcca7a91807c78a3eb2563846dc
Red Hat Security Advisory 2019-4357-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4357-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-19337
SHA-256 | 881de3defb7584bf97a9132a154940789ab184d3390211d15fe49e902e793ca6
Red Hat Security Advisory 2019-4353-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4353-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2019-19337
SHA-256 | 01e632f693290194f6decf41d319edc3180d561f66612a7500d6101d952f0ec1
Red Hat Security Advisory 2019-4326-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4326-01 - A library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-18397
SHA-256 | b9d0915061cf43dbc1453ef5fd0fb6b2e6ebe01cf43682aaa4f4195f863c6394
Red Hat Security Advisory 2019-4341-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4341-01 - An issue was resolved where Red Hat Quay stored robot account tokens in plain text.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10205
SHA-256 | cb4d46e0c022d28e2017f6f2cb80a4bc9bde13c8bc9b0a6bf487ad588d84fe19
Red Hat Security Advisory 2019-4352-01
Posted Dec 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4352-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. Issues addressed include code execution, deserialization, and information leakage vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-0201, CVE-2019-10173, CVE-2019-12384, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518
SHA-256 | f1533a79e96cd3429ddc8bf06dda73bd15b59ba3b3f8b62bdccf40e56138d887
Debian Security Advisory 4589-1
Posted Dec 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4589-1 - It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3467
SHA-256 | 81ed36fc1bdd6f0fc5538e25cf7ea4ef12558378dee24e75461bf5406b3f57fa
Ubuntu Security Notice USN-4224-1
Posted Dec 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4224-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-19844
SHA-256 | 2d00245a2e8b66cfc557ff1fb2cb66b61f72d82bf26c36911ca948106d412ecb