Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H800
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisoryXSSdebian

Debian 8 Jessie: DLA-1988-1 Moderate: Ampache SQL Injection and XSS

Several vulnerabilities were discovered in Ampache, a web-based audio file management system. . Package : ampache Version : 3.6-rzb2752+dfsg-5+deb8u1 CVE ID : CVE-2019-12385 CVE-2019-12386 Several vulnerabilities were discovered in Ampache, a web-based audio file management system. CVE-2019-12385 A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker. CVE-2019-12386 The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality. For Debian 8 "Jessie", these problems have been fixed in version 3.6-rzb2752+dfsg-5+deb8u1. We recommend that you upgrade your ampache packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance the ampache software to mitigate various security vulnerabilities impacting Debian 8 Jessie, particularly focusing on preventing XSS and SQL injection threats.. Ampache Security Update, Debian Jessie Advisory, SQL Injection Protection, XSS Vulnerability Fix, Package Upgrade Recommendations. . LinuxSecurity.com Team

Calendar 2 Nov 11, 2019 Debian LTS
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebiansql injection

Debian 5.0: DSA-2030-1 Medium: Mahara SQL Injection Risk

It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2030-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Nico Golde April 6th, 2010 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : mahara Vulnerability : sql injection Problem type : remote Debian-specific: no Debian bug : none CVE ID : CVE-2010-0400 It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names. For the stable distribution (lenny), this problem has been fixed in version 1.0.4-4+lenny5. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1.2.4-1. We recommend that you upgrade your mahara packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) ---------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 40648 cd057351de5462d5e1df2d75bf3f2247 Size/MD5 checksum: 1304 e87fa2a0e67a71eef479be5a5da65894 Size/MD5 checksum: 2383079 cf1158e4fe3cdba14fb1b71657bf8cc9 Architecture independent packages: Size/MD5 checksum: 8106 5b0910999a1bfdfbce8740219d9549dc Size/MD5 checksum: 1662742 289da5fba44237ff1c17a462cb6cd9f7 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Enhance mahara modules to mitigate an SQL injection vulnerability that might jeopardize the database against external attacks.. Mahara Exploit, SQL Risk, Database Exposure, Debian Security. . Severity: Medium. LinuxSecurity.com Team

Calendar 2 Apr 06, 2010 Medium Debian
Banner 1 1028x280 1708121660 1771599717
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentooinsecure permissions

Gentoo: 200504-30 Normal: phpMyAdmin Insecure SQL Script Threat

phpMyAdmin leaves the SQL install script with insecure permissions, potentially leading to a database compromise. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200504-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: phpMyAdmin: Insecure SQL script installation Date: April 30, 2005 Bugs: #88831 ID: 200504-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= phpMyAdmin leaves the SQL install script with insecure permissions, potentially leading to a database compromise. Background ========= phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/phpmyadmin < 2.6.2-r1 > = 2.6.2-r1 Description ========== The phpMyAdmin installation process leaves the SQL install script with insecure permissions. Impact ===== A local attacker could exploit this vulnerability to obtain the initial phpMyAdmin password and from there obtain information about databases accessible by phpMyAdmin. Workaround ========= Change the password for the phpMyAdmin MySQL user (pma): mysql -u root -p SET PASSWORD FOR 'pma'@'localhost' = PASSWORD('MyNewPassword'); Update your phpMyAdmin config.inc.php: $cfg['Servers'][$i]['controlpass'] = 'MyNewPassword'; Resolution ========= All phpMyAdminusers should change password for the pma user as described above and upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-db/phpmyadmin-2.6.2-r1" Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200504-30 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . phpMyAdmin on Gentoo exhibits vulnerable SQL script permissions, posing a threat to database security; essential measures for remediation outlined.. phpMyAdmin,Gentoo Advisory,SQL Permissions,Database Security,Security Update. . LinuxSecurity.com Team

Calendar 2 Apr 30, 2005 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here