Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-023
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public Disclosure: 2024-09-04
CVE…

Read More

Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-020
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401
Tested Version(s): 5.2401
Vulnerability Type: Reflected Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2024-04-05
Solution Date: 2024-07-31
Public Disclosure:…

Read More

Posted by Asterisk Development Team via Fulldisclosure on Sep 05

The Asterisk Development Team would like to announce security release
Certified Asterisk 20.7-cert3.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert3
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert3

## Change Log for Release asterisk-certified-20.7-cert3

###…

Read More

Posted by Asterisk Development Team via Fulldisclosure on Sep 05

The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert12.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert12
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

Repository: https://github.com/asterisk/asterisk
Tag: certified-18.9-cert12

## Change Log for Release asterisk-certified-18.9-cert12

###…

Read More

Posted by Asterisk Development Team via Fulldisclosure on Sep 05

The Asterisk Development Team would like to announce security release
Asterisk 21.4.3.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.4.3
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.4.3

## Change Log for Release asterisk-21.4.3

### Links:

– [Full ChangeLog](…

Read More

Posted by Asterisk Development Team via Fulldisclosure on Sep 05

The Asterisk Development Team would like to announce security release
Asterisk 20.9.3.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.9.3
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.9.3

## Change Log for Release asterisk-20.9.3

### Links:

– [Full ChangeLog](…

Read More

Posted by Asterisk Development Team via Fulldisclosure on Sep 05

The Asterisk Development Team would like to announce security release
Asterisk 18.24.3.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.24.3
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 18.24.3

## Change Log for Release asterisk-18.24.3

### Links:

– [Full ChangeLog](…

Read More

FEDORA-2024-05d7ee197e

Packages in this update:

clamav-1.0.7-1.fc39

Update description:

Update to 1.0.7

CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.

Read More