2123 matches found
Prototype Pollution
Overview i18next is an internationalization framework for browser or any other javascript environment, e.g. node.js. Affected versions of this package are vulnerable to Prototype Pollution. This vulnerability relates to the AddResourceBundle API which uses the deepExtend function...
GHSA-WWGF-3XP7-CXJ4 Potentially sensitive data exposure in Symfony Web Socket Bundle
Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to not succeed...
Potentially sensitive data exposure
Impact Inside Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::onPublish, messages are arbitrarily broadcasted to the related Topic if Gos\Bundle\WebSocketBundle\Server\App\Dispatcher\TopicDispatcher::dispatch does not succeed. The dispatch method can be considered to not succeed...
Cross-site Scripting (XSS)
sonata-project/admin-bundle is vulnerable to cross-site scripting XSS attacks. The library does not properly escape item.label in function templateResult in sonatatypemodelautocomplete.html.twig, allowing a malicious user to inject and execute arbitrary web scripts...
Information Disclosure
aegir is vulnerable to Information Disclosure. Environment variables in the browser bundle contain tokens and keys, which can be leaked during aegir publish or aegir build...
CVE-2020-11059 Exposure of Sensitive Information to an Unauthorized Actor in AEgir
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
CVE-2020-11059
In AEgir, vulnerabilities exist in versions 21.7.0 up to but not including 21.10.1 where the commands “aegir publish” and “aegir build” may leak environment variables from the browser bundle published to npm. The issue enables potential exposure of secrets (high impact per CVSS) and has been fixe...
Cross-site Scripting (XSS)
Overview bootstrap-select is a .NET bundle for bootstrap-select jQuery plugin. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the use of the data-subtext attribute, in cases where that content originates from a user-controlled input. PoC by Snyk Research js HTML ...
CVE-2020-1770
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...
DEBIAN-CVE-2020-1770
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...
Design/Logic Flaw
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...
CVE-2020-1770 Information disclosure in support bundle files
Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...
CVE-2020-1770
CVE-2020-1770 is an information-disclosure issue in the OTRS/Open Source Ticket Request System where generated support bundle files could contain sensitive data. Public advisories list affected products as OTRS Community Edition 5.0.41 and earlier, 6.0.26 and earlier, and OTRS 7.0.15 and earlier,...
Changes to Citrix Insight Services (CIS) and Customer Uploads
On March 18, 2020 we had a service disruption with the Citrix Insight Services CIS platform which hosted the customer portal at cis.citrix.com, along with Call home, CEIP and a few other services. Over the last few days, we have been in the process of bringing up most of the affected services and also...
Lenovo XClarity Administrator (LXCA) Vulnerability - Lenovo Support US
Lenovo Security Advisory: LEN-29942 Potential Impact: Information disclosure Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-19756 Summary Description: An internal product security audit of Lenovo XClarity Administrator LXCA discovered Windows OS credentials, used to...
XML External Entity (XXE)
maven-bundle-plugin is vulnerable to XML external entity XXE attacks. External DTDs are not disabled by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server or read system files...
Humble Bundle's 2020 Cybersecurity Books
For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's...