2025 matches found

Positive Technologies
added 2019/05/31 12:0 a.m. · 2 views

PT-2019-11722 · Jenkins · Jenkins Artifactory Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Artifactory Plugin versions 3.2.2 and earlier Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturin...

6.5 CVSS · 4.3 AI score · 0.00883 EPSS
Exploits 0 · References 10

UbuntuCve
added 2019/05/23 3:29 p.m. · 23 views

CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

5.5 CVSS · 6.1 AI score · 0.01297 EPSS
Exploits 1 · References 4

Cvelist
added 2019/05/23 2:55 p.m. · 15 views

CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

5.6 AI score · 0.01297 EPSS
Exploits 1 · References 3

Prion
added 2019/05/20 1:29 p.m. · 9 views

Cross site scripting

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector...

4.3 CVSS · 5.9 AI score · 0.00793 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2019/05/20 12:0 a.m. · 4 views

Fortinet FortiClient Code Execution Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...

9.3 CVSS · 7.2 AI score · 0.02613 EPSS
Exploits 0 · References 1

Prion
added 2019/05/15 6:29 p.m. · 22 views

Memory corruption

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

4.3 CVSS · 6.5 AI score · 0.01771 EPSS
Exploits 2 · References 3

NVD
added 2019/05/15 6:29 p.m. · 20 views

CVE-2019-1010258

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

6.5 CVSS · 6.5 AI score · 0.01771 EPSS
Exploits 2 · References 3

Cvelist
added 2019/05/15 5:24 p.m. · 20 views

CVE-2019-1010258

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

6.5 AI score · 0.01771 EPSS
Exploits 2 · References 3

Cloud Foundry
added 2019/05/14 12:0 a.m. · 67 views

CVE-2019-3787: UAA defaults email address to an insecure domain | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: UAA Release OSS, all versions prior to v73.0.0. Description: Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user’s email address when one is not provided and the user...

8.8 CVSS · 8.8 AI score · 0.01102 EPSS
Exploits 0

Cent OS
added 2019/05/13 3:9 p.m. · 207 views

ghostscript security update

CentOS Errata and Security Advisory CESA-2019:1017. An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

7.8 CVSS · 7.1 AI score · 0.43901 EPSS
Exploits 2 · References 7

Prion
added 2019/05/10 8:29 p.m. · 15 views

Design/Logic Flaw

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5 CVSS · 7.1 AI score · 0.00703 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2019/05/10 3:29 p.m. · 17 views

Cross site request forgery (csrf)

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

6.8 CVSS · 8.5 AI score · 0.00661 EPSS
Exploits 1 · References 1 · Affected Software 1

NVD
added 2019/05/10 3:29 p.m. · 17 views

CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

8.8 CVSS · 8.6 AI score · 0.00661 EPSS
Exploits 1 · References 1

Cvelist
added 2019/05/10 2:2 p.m. · 20 views

CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

8.6 AI score · 0.00661 EPSS
Exploits 1 · References 1

Prion
added 2019/05/09 6:29 p.m. · 10 views

Sql injection

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is:...

5 CVSS · 7.8 AI score · 0.02533 EPSS
Exploits 1 · References 4 · Affected Software 1

Prion
added 2019/05/09 5:29 p.m. · 15 views

Cross site request forgery (csrf)

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state...

4.3 CVSS · 6.4 AI score · 0.00678 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2019/05/09 5:6 p.m. · 28 views

CVE-2017-12761

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is:...

7.8 AI score · 0.02533 EPSS
Exploits 1 · References 4

CNVD
added 2019/05/08 12:0 a.m. · 1 views

Arbitrary File Deletion Vulnerability in Acme CMS

Acme CMS is a full-featured, PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction CMS building system. Acme CMS has an arbitrary file deletion vulnerability, attackers can construct packets sent to the server, so as to delete arbitrary files,...

7.1 AI score
Exploits 0

Tenable Nessus
added 2019/05/07 12:0 a.m. · 36 views

Amazon Linux AMI : python34 (ALAS-2019-1202)

Python is affected by improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack...

9.8 CVSS · 7 AI score · 0.08811 EPSS
Exploits 1 · References 3

Veracode
added 2019/05/02 5:45 a.m. · 22 views

Denial Of Service (DoS)

libtiff is vulnerable to heap-based buffer overflow vulnerability. Remote attackers can cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. loadImage function in tiffcrop.c. loadImage will read the numbers of tiles by calling...

7.8 CVSS · 8.1 AI score · 0.03885 EPSS
Exploits 0 · References 13 · Affected Software 1