Ubuntu: Security Advisory (USN-4275-1)
The remote host is missing an update for the Ubuntu package(s) referenced in USN-4275-1. (SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions may be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
CVE-2020-5217
A flaw was found in rubygem-secureheaders in versions prior to 6.2.0, 5.1.0, and 3.8.0. If user-supplied input was passed into `append_content_security_policy_directives` / `override_content_security_policy_directives`, a semicolon could be injected, leading to directive injection which could be used to override a script-src directive. The...
Citrix ADM Ports and URLs That Need To Be Opened for Communication
Additional notes: If using ULFD LogStream: the -logstreamOverNSIP option is available from Citrix ADC 13.0 41.x and 12.1 55.x onwards to alter the source IP (default is SNIP). This is a global setting: set appflow param -logstreamOverNSIP. If using IPFIX AppFlow: the -IPAddress parameter can be used t...
Debian DSA-4617-1 : qtbase-opensource-src - security update
Two security issues were found in the Qt library, which could result in plugins and libraries being loaded from the current working directory, resulting in potential code execution. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Debian: Security Advisory (DSA-4617-1)
The remote host is missing an update for the Debian package(s) referenced in DSA-4617-1. (SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions may be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
DSA-4617-1 qtbase-opensource-src - security update
Bulletin has no description...
Debian DLA-2092-1 : qtbase-opensource-src security update
In Qt5's plugin loader code as found in qtbase-opensource-src, it was possible to side-load plugins from 'the' local folder in addition to a system-widely defined library path. For Debian 8 'Jessie', this problem has been fixed in version 5.3.2+dfsg-4+deb8u4. We recommend that you upgrade your...
[SECURITY] [DLA 2092-1] qtbase-opensource-src security update
Package: qtbase-opensource-src. Version: 5.3.2+dfsg-4+deb8u4. CVE ID: CVE-2020-0569. In Qt5's plugin loader code as found in qtbase-opensource-src, it was possible to side-load plugins from "the" local folder in addition to a system-widely defined library path. For Debian 8 "Jessie", this problem...
Debian: Security Advisory (DLA-2092-1)
The remote host is missing an update for the Debian package(s) referenced in DLA-2092-1. (SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions may be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
CVE-2020-5217
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into `append_content_security_policy_directives` / `override_content_security_policy_directives`, a semicolon could be injected, leading to directive injection. This could be us...
Code injection
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into `append_content_security_policy_directives` / `override_content_security_policy_directives`, a semicolon could be injected, leading to directive injection. This could be us...
CVE-2020-5217 Directive injection when using dynamic overrides with user input in RubyGems secure_headers
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into `append_content_security_policy_directives` / `override_content_security_policy_directives`, a semicolon could be injected, leading to directive injection. This could be us...
Unrestricted file upload
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI...
OS Command Injection
mikehaertl/php-shellcommand is vulnerable to OS command injection. The addArg function in src/Command.php does not escape all arguments, allowing an attacker to inject arbitrary OS commands...
Design/Logic Flaw
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...
Debian: Security Advisory (DSA-4556-1)
The remote host is missing an update for the Debian package(s) referenced in DSA-4556-1. (SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions may be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
Debian DSA-4556-1 : qtbase-opensource-src - security update
An out-of-bounds memory access was discovered in the Qt library, which could result in denial of service through a text file containing many directional characters. The oldstable distribution (stretch) is not affected. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
DSA-4556-1 qtbase-opensource-src - security update
Bulletin has no description...
Medium: libcgroup
Issue Overview: libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. CVE-2018-14348. Affected Packages: libcgroup. Note: This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ...
Cross-Site Scripting (XSS) in script src
Client-side scripts are used extensively by modern web applications. They perform everything from simple functions, such as the formatting of text, up to full manipulation of client-side data and operating-system interaction. Cross-Site Scripting (XSS) allows clients to inject scripts into a request and have th...