6680 matches found
August 13, 2019—KB4512482 (Security-only update)
August 13, 2019—KB4512482 Security-only update. Improvements and fixes: This security update includes quality improvements. Key changes include: Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Server, Windows Input and...
SQL injection
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...
CVE-2019-14748
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer or no mitigations implemented for file content checks; also, the output is not handled...
[SECURITY] Fedora 29 Update: gnupg2-2.2.17-1.fc29
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...
Three Keys to Infusing Security into your Corporate Culture
Creating a security-oriented culture is a challenge for many businesses. There's a natural tension between development teams that are under constant pressure to get new applications and features to market as quickly as possible and security teams that need to protect critical systems and...
cPanel Input Validation Error Vulnerability (CNVD-2019-26363)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.18. The vulnerability stems from a web-based...
CVE-2019-5058
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...
VMSA-2019-0012:VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities
VMware Security Advisories

Advisory ID| VMSA-2019-0012
---|---
Advisory Severity| Important
CVSSv3 Range| 6.3-8.5
Synopsis| VMware ESXi, Workstation and Fusion updates address out-of-bounds read/write vulnerabilities CVE-2019-5521, CVE-2019-5684
Issue Date| 2019-08-02
Updated On| 2019-08-02
Initi...
CVE-2019-14416
An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...
CVE-2019-14417
An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality...
Command injection
An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality...
Command injection
An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...
CVE-2019-14417
Veritas Resiliency Platform (VRP) prior to 3.4 HF1 contains an arbitrary command execution vulnerability in its DNS-related functionality that lets a malicious VRP user run commands with root privileges inside the VRP VM. Affected software is VRP before 3.4 HF1; the underlying issue is tied to DN...
CVE-2019-11200
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...
CVE-2019-14349
EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user...
CVE-2019-14349
CVE-2019-14349 affects EspoCRM 5.6.4. The vulnerability is a stored XSS in the api/v1/Document functionality used for storing documents in the account tab, caused by lack of filtration of user-supplied data. An attacker can upload a crafted file whose name contains JavaScript, and the code execut...