
3492 matches found

Citrix
added 2021/06/10 12:0 a.m., 8 views

How to remove the File Transfer Tab in a Full VPN NetScaler Gateway

How to remove the "File Transfer" Tab to prevent users from downloading files when accessing the environment through the NetScaler Gateway...

7.1 AI score
Exploits 0
OpenVAS
added 2021/06/03 12:0 a.m., 24 views

Fedora: Security Advisory for curl (FEDORA-2021-eb5b7c53a9)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 CVSS, 5.5 AI score, 0.60122 EPSS
Exploits 1, References 2
Fedora
added 2021/05/28 1:1 a.m., 59 views

[SECURITY] Fedora 34 Update: curl-7.76.1-3.fc34

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

6.8 CVSS, 0.60122 EPSS
Exploits 2
Tenable Nessus
added 2021/05/19 12:0 a.m., 36 views

RHEL 8 : spice-vdagent (RHSA-2021:1791)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1791 advisory. The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information...

6.4 CVSS, 6.3 AI score, 0.00478 EPSS
Exploits 4, References 14
Tenable Nessus
added 2021/05/19 12:0 a.m., 26 views

CentOS 8 : spice-vdagent (CESA-2021:1791)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1791 advisory. - spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table (CVE-2020-25650) - spice-vdagent: possible file transfer DoS and information...

6.4 CVSS, 6.2 AI score, 0.00478 EPSS
Exploits 4, References 5
RedHat Linux
added 2021/05/18 2:16 p.m., 5 views

spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map

A flaw was found in the SPICE file transfer protocol. File data from the host system can partially or fully end up in the client connection of an unauthorized local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highe...

6.4 CVSS, 5.7 AI score, 0.00286 EPSS
Exploits 1, References 5
OSV
added 2021/05/18 6:5 a.m., 25 views

ALSA-2021:1791 Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map (CVE-2020-25651); spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition (CVE-2020-25653)...

6.4 CVSS, 6.3 AI score, 0.00478 EPSS
Exploits 4, References 4
OSV
added 2021/05/18 6:5 a.m., 24 views

RLSA-2021:1791 Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map (CVE-2020-25651); spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition (CVE-2020-25653)...

6.4 CVSS, 6.4 AI score, 0.00478 EPSS
Exploits 4, References 7
AlmaLinux
added 2021/05/18 6:5 a.m., 42 views

Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map (CVE-2020-25651); spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition (CVE-2020-25653)...

6.4 CVSS, 6.3 AI score, 0.00478 EPSS
Exploits 4, References 4
Rockylinux
added 2021/05/18 6:5 a.m., 34 views

spice-vdagent security and bug fix update

An update is available for spice-vdagent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The spice-vdagent packages provide a SPICE agent for Linux guests...

6.4 CVSS, 6.3 AI score, 0.00478 EPSS
Exploits 4
BDU FSTEC
added 2021/05/05 12:0 a.m., 3 views

The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, relates to errors in processing new line symbols in FTP URLs. This vulnerability allows attackers to send arbitrary commands to the FTP server.

The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to errors in processing new line characters in FTP URL addresses such as %0A or %0D. Exploiting this vulnerability allows a remote attacker to send arbitrary commands to the FTP server...

4.2 CVSS, 7.1 AI score, 0.01218 EPSS
Exploits 0, References 14, Affected Software 19
BDU FSTEC
added 2021/04/27 12:0 a.m., 3 views

The vulnerability of the programmable logic controller Schneider Electric Modicon Quantum, related to the insufficient reliability of passwords, allows an intruder to alter the contents of configuration files.

The vulnerability of the programmable logic controller Schneider Electric Modicon Quantum is related to the insufficient security of passwords. Exploiting this vulnerability could allow an attacker to modify the contents of configuration files using the built-in FTP server passwords...

10 CVSS, 7.8 AI score, 0.01358 EPSS
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2021/04/27 12:0 a.m., 1 views

The vulnerability of the TFTP server for microprogramming software of NETGEAR ProSAFE Plus JGS516PE and ProSAFE Plus GS116Ev2 allows an intruder to increase their privileges.

The vulnerability of the TFTP server for microprogramming software in NETGEAR ProSAFE Plus JGS516PE and ProSAFE Plus GS116Ev2 devices is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

10 CVSS, 5.5 AI score
Exploits 0, References 4, Affected Software 2
RedHat Linux
added 2021/04/26 12:1 p.m., 3 views

Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8 CVSS, 7.4 AI score, 0.01218 EPSS
Exploits 0, References 5
RedHat Linux
added 2021/04/26 11:36 a.m., 1 views

Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8 CVSS, 7.4 AI score, 0.01218 EPSS
Exploits 0, References 5
RedHat Linux
added 2021/04/26 11:19 a.m., 4 views

Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8 CVSS, 7.4 AI score, 0.01218 EPSS
Exploits 0, References 5
RedHat Linux
added 2021/04/26 11:17 a.m., 1 views

Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8 CVSS, 7.4 AI score, 0.01218 EPSS
Exploits 0, References 5
RedHat Linux
added 2021/04/26 6:21 a.m., 2 views

Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8 CVSS, 7.4 AI score, 0.01218 EPSS
Exploits 0, References 5
RedHat Linux
added 2021/04/26 5:51 a.m., 3 views

Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

8.8 CVSS, 7.4 AI score, 0.01218 EPSS
Exploits 0, References 5
OSV
added 2021/04/19 1:15 p.m., 2 views

CVE-2020-7851

Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contain a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing...

7.8 CVSS, 7.2 AI score, 0.00723 EPSS
Exploits 0, References 2