openssl-encrypt has visible password in process list via --password CLI argument

Summary Passwords passed via the --password / -p CLI argument in opensslencrypt/modules/cryptclisubparser.py at lines 150-154 are visible to any user on the system via ps aux or /proc/pid/cmdline. Affected Code python subparser.addargument "--password", "-p", help="Password will prompt if not...

Minor update(7) for Vivaldi Android Browser 7.5

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the sixth 7.5 stable, minor update: Upgraded to...

SUSE-SU-2024:1872-1 Security update for python-tqdm

This update for python-tqdm fixes the following issues: Update to version 4.66.4: rich: fix completion cli: eval safety CVE-2024-34062, bsc1223880 pandas: add DataFrame.progressmap notebook: fix HTML padding keras: fix resuming training when verbose=2 fix formatnum negative fractions missing...

GHSA-F598-MFPV-GMFX Sequelize - Default support for “raw attributes” when using parentheses

Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ts User.findAll attributes: 'countid', 'count' ; Produced sql SELECT countid AS "count" FROM "users" Patches This feature was deprecated i...

Sequelize - Default support for “raw attributes” when using parentheses

Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ts User.findAll attributes: 'countid', 'count' ; Produced sql SELECT countid AS "count" FROM "users" Patches This feature was deprecated i...

CVE-2021-32638

Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...

CVE-2020-5217

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...

DEBIAN-CVE-2020-5217

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...

CVE-2020-5217 Directive injection when using dynamic overrides with user input in RubyGems secure_headers

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...

CVE-2020-5217

In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...

secure_headers directive injection using semicolon

If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secureheaders...

Fedora 21 : php-twig-1.20.0-1.fc21 (2015-13423)

1.20.0 2015-08-12 forbid access to the Twig environment from templates and internal parts of TwigTemplate fixed limited RCEs when in sandbox mode deprecated TwigTemplate::getEnvironment deprecated the self variable for usage outside of the from and import tags added TwigBaseNodeVisitor to ease th...