RHEL 7 : qt5-qtbase (RHSA-2020:4025)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4025 advisory. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt...

Oracle Linux 8 : qt5-qtbase / and / qt5-qtwebsockets (ELSA-2020-4690)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4690 advisory. qt5-qtbase 5.12.5-6 - OpenSSL: handle SSLshutdowns errors properly Resolves: bz1851538 5.12.5-5 - Fix: Files placed by attacker can influence the worki...

qt5-qtbase and qt5-qtwebsockets security and bug fix update

qt5-qtbase 5.12.5-6 - OpenSSL: handle SSLshutdowns errors properly Resolves: bz1851538 5.12.5-5 - Fix: Files placed by attacker can influence the working directory and lead to malicious code execution Resolves: bz1814739 Resolves: bz1814683 - Fix: XML entity expansion vulnerability Resolves:...

Moderate: Red Hat Security Advisory: qt5-qtbase and qt5-qtwebsockets security and bug fix update

An update for qt5-qtbase, qt5-qttools, and qt5-qtwebsockets is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RLSA-2020:4690 Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: XML entity expansion vulnerability CVE-2015-9541 qt5-qtwebsockets: websocket implementation allows only limited size for frames and...

DLL Hijacking Vulnerability in Haiwell's Cloud SCADA Cloud Configuration Software

Haiwell Haiwell cloud configuration software Cloud SCADA is an industrial automation monitoring and management platform software developed by Xiamen Haiwell Technology Co. A DLL hijacking vulnerability exists in Haiwell Cloud SCADA. An attacker can exploit this vulnerability to load a malicious d...

qt5-qtbase security update

5.9.7-4 - Fix: Files placed by attacker can influence the working directory and lead to malicious code execution Resolves: bz1814740 Resolves: bz1814685 5.9.7-3 - Fix multilib issue with qtcore-config.h header file Resolves: bz1534528 - Move libQt5EglFSDeviceIntegration lib into correct subpackag...

Privilege Escalation

Qt is vulnerable to Privilege Escalation. Files placed by attacker can influence the working directory and lead to malicious code execution...

Moderate: Red Hat Security Advisory: qt5-qtbase security update

An update for qt5-qtbase is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Extreme Online Game Accelerator has a dll hijacking vulnerability

Extreme Online Game Accelerator is a game gas pedal software. Extreme Online Game Accelerator has a dll hijacking vulnerability. An attacker can exploit this vulnerability to execute malicious code...

CVE-2020-19007

Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser...

Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers

If you haven't recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and...

Shenzhen Xunlei Network Technology Co., Ltd Xunlei Quickbird has dll hijacking vulnerability

Founded in 2003, Shenzhen Xunlei Network Technology Co., Ltd. is a shared computing and blockchain technology innovation enterprise. Shenzhen Xunlei Network Technology Co., Ltd Xunlei Quickbird suffers from a dll hijacking vulnerability, which can be exploited by an attacker to load a malicious d...

Shenzhen Xunlei Network Technology Co., Ltd Xunlei X suffers from dll hijacking vulnerability (CNVD-2020-49286)

Founded in 2003, Shenzhen Xunlei Network Technology Co., Ltd. is a shared computing and blockchain technology innovation enterprise. Shenzhen Xunlei Network Technology Co., Ltd Xunlei X suffers from a dll hijacking vulnerability, which can be exploited by an attacker to load a malicious dll and...

openSUSE Security Update : rubygem-bundler (openSUSE-2020-803)

This update for rubygem-bundler fixes the following issue : - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive...

SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-2)

This update for rubygem-bundler fixes the following issue : CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

SUSE-SU-2020:1582-2 Security update for rubygem-bundler

This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436...

CVE-2020-5596

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a...

OPENSUSE-SU-2020:0861-1 Security update for rubygem-bundler

This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project...

Security update for rubygem-bundler (moderate)

openSUSE Security Update: Security update for rubygem-bundler Announcement ID: openSUSE-SU-2020:0861-1 Rating: moderate References: 1143436 Cross-References: CVE-2019-3881 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...