In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
Published at: May 27, 2020 at 05:15PM
View on website
Sympa before 6.2.56 allows privilege escalation.
Published at: May 27, 2020 at 02:15PM
View on website
Centreon before 19.10.7 exposes Session IDs in server responses.
Published at: May 27, 2020 at 12:15PM
View on website
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.
Published at: May 27, 2020 at 12:15PM
View on website
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
Published at: May 27, 2020 at 11:15AM
View on website
Educ Arte Económico 