Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2017-1064)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2011-3614
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9...
CVE-2011-3614
CVE-2011-3614 affects Vanilla Forums (Facebook, Twitter, and Embedded plugins) prior to version 2.0.17.9. The issue is an Access Control vulnerability that could impact confidentiality, integrity, and availability. Remediation: upgrade to Vanilla Forums 2.0.17.9 or newer; apply any vendor-supplie...
WordPress <= 5.2.3: Hardening Bypass
WordPress Hardening Mechanisms: By default, WordPress allows users with the administrator role to install plugins and even edit the .php files of plugins from within the admin dashboard. Although this allows for the easy modification of plugins and themes, it also allows malicious administrators t...
CVE-2019-20384
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...
Unspecified Vulnerability in Gentoo Portage
Gentoo is an open source Linux system from the Gentoo Foundation. Gentoo Portage is one of the package managers. A security vulnerability exists in Gentoo Portage 2.3.84 and earlier versions, which originates from a write operation to the /usr/lib64/nagios/plugins directory between calls to emake...
Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers...
Fedora Update for nbdkit FEDORA-2019-bd19067cb4
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for limnoria FEDORA-2019-7c3227fea5
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:2249-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Awesome Support < 6.0.0 - Stored XSS via Ticket Title
The lack of sanitisation in the post_title of a ticket could allow users with the Support Supervisor capability to create tickets containing XSS payloads. The risk is relatively low, as CSRF checks are in place and the affected role is close to an admin one. Using the DISALLOW_UNFILTERED_HTML consta...
container-tools:ol8 security and bug fix update
buildah 1.9.0-5.0.1 - Fixes troubles with oracle registry login Orabug: 29937283 1.9.0-5 - Use autosetup macro again. 1.9.0-4 - Fix CVE-2019-10214 1734653. 1.9.0-3 - Resolves: 1721247 - enable fips mode 1.9.0-2 - Resolves: 1720654 - tests subpackage depends on golang explicitly 1.9.0-1 - Resolves...
ALPINE-CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data...
PYSEC-2020-160
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data...
UBUNTU-CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, does not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data...
CVE-2019-20221
In Support Incident Tracker SiT! 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page...