Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
197
security advisorydebianxssDebian: DLA-2854-1 Moderate: noVNC Cross-Site Scripting Vulnerability
An XSS vulnerability was discovered in noVNC, a HTML5 VNC client, in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2854-1
Dec 28, 2021
Debian LTS
203
security advisoryXSSremote accessMageia 7: MGASA-2020-0374 Moderate: noVNC HTML Injection
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635) References: . MGASA-2020-0374 - Updated novnc package fixes a security vulnerability Publication date: 27 Sep 2020 URL: https://advisories.mageia.org/MGASA-2020-0374.html Type: security Affected Mageia releases: 7 CVE: CVE-2017-18635 An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635) References: - https://bugs.mageia.org/show_bug.cgi?id=27306 - https://ubuntu.com/security/notices/USN-4522-1 - https://www.cve.org/CVERecord?id=CVE-2017-18635 SRPMS: - 7/core/novnc-0.5.1-2.1.mga7 . Mageia 2020-0384 releases updates for noVNC to address a cross-site scripting flaw impacting versions older than 0.6.2.. noVNC Update, XSS Fix, Mageia Security, Remote Desktop, HTML Injection. . LinuxSecurity.com Team
Sep 27, 2020
Mageia
98
security advisorymoderateupdateRed Hat OpenStack Platform 13.0: RHSA-2020-0754 Moderate: noVNC XSS
An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 13.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2020:0754-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:0754 Issue date: 2020-03-10 CVE Names: CVE-2017-18635 ==================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 13.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 - noarch Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information (such as VM tokens). (CVE-2017-18635) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to applythis update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1484711 - [OSP13] rebase novnc to 1.1.0 1765660 - CVE-2017-18635 novnc: XSS vulnerability via the messages propagated to the status field 6. Package List: Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server: Source: novnc-1.1.0-2.el7ost.src.rpm noarch: novnc-1.1.0-2.el7ost.noarch.rpm Red Hat OpenStack Platform 13.0: Source: novnc-1.1.0-2.el7ost.src.rpm noarch: novnc-1.1.0-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2017-18635 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXmd4m9zjgjWX9erEAQiseQ//Q1ZyVQTuKJqkptTGxtgUINstYWj1z3n9 oOdKSlfTXxiWG2hjKCb3EtHpuB3kDZBGD67+6R2BxXzuGYun52GyPpTy6iAd7cAo bVUVB5SQlffP9A1KN9JSloxLnRSYg4EgeEM4RdGfrpNQSoH2Yu0cn4mwu54yVd/9 JVx3LSNMiS0mdPmaBWxlUZZjZs09MbWBYt28qF09BIWZREunWB4Ai5MWmBNF89fk Zb10V0659l4BtmK1RVC9F00FQxJfWkH9QFTlxeqBvamawzb9GrfteD2aBlOJLZVu DgVm5BHtXTUBLq/1jbG/81R4rWoHuvQIuQ+wFjVuL/8foQfkbUQKFVDCegXx2LIV v5v7spCNo2Zk/hye6B9DsK2IMJe1WnhXbavzJL7USenceP0u7Uuw8rCWecrSXH6C 4T+tptZ6t6jMgQl5xEenZq0c60QMl+HRqxDceSbF5fwEITbJrgRBodBgypcSYC/s Vr8AxFJF3BfMzsC07XUY3yIIhMiyMRd/T1ouz86zBRimBEPDsniqUYgSw/vK5du1 LJiMT9hsGoS/HhXR33K1RDk5nOaNzgrvgZUone7+yq/M2XdQWhksUIlJYHGIWYq2 eFiYVXKxkTcNmkl+SXQ91d4JGx91DD4RdxSJESlSuMS05vCYlyhg46EUjhMfCtep Ss84Xo1w05s=9mkD -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 10, 2020
•Important
Red Hat
98
security advisorymoderateRed Hat Enterprise LinuxRed Hat Enterprise Linux OpenStack Moderate: RHSA-2015-0884 Session Hijack
An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2015:0884-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0884.html Issue date: 2015-04-23 CVE Names: CVE-2013-7436 ==================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436) All novnc users are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies 6.Package List: Red Hat Enterprise Linux OpenStack Platform 4.0: Source: novnc-0.5.1-2.el6ost.src.rpm noarch: novnc-0.5.1-2.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-7436 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVOQatXlSAg2UNWIIRAumdAKC2YpzGzZskIuIcx9GaR/g4xYe5dACfaqu1 KhKxGJqUihsGGU16x2U/tTw=sLLP -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Apr 23, 2015
Red Hat
98
security advisorymoderatesecurity updateRed Hat OpenStack 4.0 RHSA-2015:0884-01 Moderate Session Hijack
An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2015:0884-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0884.html Issue date: 2015-04-23 CVE Names: CVE-2013-7436 ==================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436) All novnc users are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies 6. Package List: Red Hat Enterprise Linux OpenStack Platform4.0: Source: novnc-0.5.1-2.el6ost.src.rpm noarch: novnc-0.5.1-2.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2013-7436 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. . A revised novnc package has been released, mitigating a significant security vulnerability for Red Hat Enterprise Linux OpenStack Platform.. novnc Update, Red Hat Enterprise Linux, OpenStack Security, Moderate Risk, Red Hat Advisory. . LinuxSecurity.com Team
Apr 23, 2015
Red Hat
98
security advisorymoderateRed Hat Enterprise LinuxRed Hat: 2015:0834-01 Moderate: noVNC Session Hijack Threat
An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2015:0834-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0834.html Issue date: 2015-04-16 CVE Names: CVE-2013-7436 ==================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436) All novnc users are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL7: Source: novnc-0.5.1-2.el7ost.src.rpm noarch: novnc-0.5.1-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2013-7436 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. . A crucial patch has been released for novnc in Red Hat OpenStack Platform 5.0, enhancing defenses against unauthorized cookie access.. Red Hat Enterprise Linux, novnc update, OpenStack security, session hijack. . LinuxSecurity.com Team
Apr 16, 2015
Red Hat
98
security advisorymoderatered hatUbuntu: USN-2021-1234-1 Medium: VNC Session Interception
An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2015:0833-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0833.html Issue date: 2015-04-16 CVE Names: CVE-2013-7436 ==================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436) All novnc users are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL6: Source: novnc-0.5.1-2.el6ost.src.rpm noarch: novnc-0.5.1-2.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2013-7436 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. . New novnc package released for Red Hat Enterprise Linux, fixing a significant security vulnerability related to cookie configurations.. novnc Update, OpenStack Security, Red Hat Advisory, Session Protection. . LinuxSecurity.com Team
Apr 16, 2015
Red Hat
98
security advisorymoderatesecurity issueRed Hat Enterprise Linux OpenStack Advisory: Session Hijack Risk Alert
An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: novnc security update Advisory ID: RHSA-2015:0788-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0788.html Issue date: 2015-04-07 CVE Names: CVE-2013-7436 ==================================================================== 1. Summary: An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch 3. Description: The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436) All novnc users are advised to upgrade to this updated package, which corrects this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session tokencookies 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: novnc-0.5.1-2.el7ost.src.rpm noarch: novnc-0.5.1-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-7436 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVJI3cXlSAg2UNWIIRAqYjAJ4gb8sjUQzR7Rq9LhUjZkALJPQcnACfRvSo QPrncxcGiuzdNMnnlt8T1Bo=166I -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Apr 08, 2015
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!