Explore Latest Linux Security advisories


Gentoo: GLSA 202103-15 Normal: Openfire Elevated Access Vulnerabilities

Gentoo Linux Security Advisory GLSA 201612-50
https://security.gentoo.org/

Severity: Normal
Title: Openfire: Multiple vulnerabilities
Date: December 31, 2016
Bugs: #603604
ID: 201612-50

Synopsis
========
Multiple vulnerabilities have been found in Openfire, the worst of which could lead to privilege escalation.

Background
==========
Openfire (formerly Wildfire) is a cross-platform real-time collaboration server based on the XMPP (Jabber) protocol.

Affected packages
=================
-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
1  net-im/openfire             < 4.1.0                   >= 4.1.0

Description
===========
Multiple vulnerabilities have been discovered in Openfire. Please review the CVE identifiers referenced below for details.

Impact
======
A remote attacker could bypass the CSRF protection mechanism or conduct Cross-Site Scripting attacks, and an authenticated remote attacker could gain privileges while accessing Openfire's web interface.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Openfire users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-im/openfire-4.1.0"

References
==========
[ 1 ] CVE-2015-6972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6972
[ 2 ] CVE-2015-6973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6973
[ 3 ] CVE-2015-7707 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7707

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-50

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/

LinuxSecurity.com Team

Published: Dec 31, 2016 (Gentoo)

Arch Linux: ASA-201612-21 High Severity Openfire Threats

Arch Linux Security Advisory ASA-201612-21
==========================================

Severity: High
Date    : 2016-12-23
CVE-ID  : CVE-2015-6972 CVE-2015-6973 CVE-2015-7707
Package : openfire
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-15

Summary
=======
The package openfire before version 4.1.0-1 is vulnerable to multiple issues including privilege escalation, cross-site request forgery and cross-site scripting.

Resolution
==========
Upgrade to 4.1.0-1.

  # pacman -Syu "openfire>=4.1.0-1"

The problems have been fixed upstream in version 4.1.0.

Workaround
==========
None.

Description
===========
- CVE-2015-6972 (cross-site scripting)
  Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.

- CVE-2015-6973 (cross-site request forgery)
  Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.

- CVE-2015-7707 (privilege escalation)
  Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.

Impact
======
A remote attacker is able to escalate privileges, perform cross-site request forgery and cross-site scripting.

References
==========
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt
https://igniterealtime.atlassian.net/browse/OF-942
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt
https://igniterealtime.atlassian.net/browse/OF-941
https://security.archlinux.org/CVE-2015-6972
https://security.archlinux.org/CVE-2015-6973
https://security.archlinux.org/CVE-2015-7707

LinuxSecurity.com Team

Published: Dec 27, 2016 (Arch Linux)

Gentoo: GLSA-200904-01 Normal: Openfire Remote Execution Threats

Gentoo Linux Security Advisory GLSA 200904-01
https://security.gentoo.org/

Severity: Normal
Title: Openfire: Multiple vulnerabilities
Date: April 02, 2009
Bugs: #246008, #254309
ID: 200904-01

Synopsis
========
Multiple vulnerabilities were discovered in Openfire, the worst of which may allow remote execution of arbitrary code.

Background
==========
Ignite Realtime Openfire is a fast real-time collaboration server.

Affected packages
=================
-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
1  net-im/openfire             < 3.6.3                   >= 3.6.3

Description
===========
Two vulnerabilities have been reported by Federico Muttis, from CORE IMPACT's Exploit Writing Team:

* Multiple missing or incomplete input validations in several .jsps (CVE-2009-0496).
* Incorrect input validation of the "log" parameter in log.jsp (CVE-2009-0497).

Multiple vulnerabilities have been reported by Andreas Kurtz:

* Erroneous built-in exceptions to input validation in login.jsp (CVE-2008-6508).
* Unsanitized user input to the "type" parameter in sipark-log-summary.jsp used in an SQL statement (CVE-2008-6509).
* A Cross-Site Scripting vulnerability due to unsanitized input to the "url" parameter (CVE-2008-6510, CVE-2008-6511).

Impact
======
A remote attacker could execute arbitrary code on clients' systems by uploading a specially crafted plugin, bypassing authentication. Additionally, an attacker could read arbitrary files on the server or execute arbitrary SQL statements. Depending on the server's configuration the attacker might also execute code on the server via an SQL injection.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Openfire users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-im/openfire-3.6.3"

References
==========
[ 1 ] CVE-2008-6508 https://www.cve.org/CVERecord?id=CVE-2008-6508
[ 2 ] CVE-2008-6509 https://www.cve.org/CVERecord?id=CVE-2008-6509
[ 3 ] CVE-2008-6510 https://www.cve.org/CVERecord?id=CVE-2008-6510
[ 4 ] CVE-2008-6511 https://www.cve.org/CVERecord?id=CVE-2008-6511
[ 5 ] CVE-2009-0496 https://www.cve.org/CVERecord?id=CVE-2009-0496
[ 6 ] CVE-2009-0497 https://www.cve.org/CVERecord?id=CVE-2009-0497

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200904-01

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/

LinuxSecurity.com Team

Published: Apr 02, 2009 (Gentoo)