New VMware Security Advisory VMSA-2018-0010

Today VMware has released the following new security advisory: “VMSA-2018-0010 – Horizon DaaS update addresses a broken authentication issue”. This documents the remediation of a moderate severity issue (CVE-2018-6960) in VMware Horizon DaaS that may allow an attacker to bypass two-factor authentication. In order to exploit this issue, an attacker must have a legitimate account […] The post New VMware Security Advisory VMSA-2018-0010 appeared first on VMware Security. More info: https://blogs.vmware.com/security/2018/04/new-vmware-security-advisory-vmsa-2018-0010.html

RHSA-2018:1188-1: Critical: java-1.8.0-openjdk security update

Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, More info: http://rhn.redhat.com/errata/RHSA-2018-1188.html

DSA-4175 freeplane – security update

Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened. More info: https://www.debian.org/security/2018/dsa-4175

RHSA-2018:1136-1: Important: glusterfs security update

Red Hat Enterprise Linux: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-1088 More info: http://rhn.redhat.com/errata/RHSA-2018-1136.html

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2018-003

Project: Drupal core
Date: 2018-April-18
Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
Description: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). We would like to thank the
More info: https://www.drupal.org/sa-core-2018-003

RHSA-2018:1137-1: Important: glusterfs security update

Red Hat Enterprise Linux: An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-1088 More info: http://rhn.redhat.com/errata/RHSA-2018-1137.html

DSA-4174 corosync – security update

The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash. More info: https://www.debian.org/security/2018/dsa-4174