PT-2019-13687 · Veritas · Veritas Resiliency Platform
Name of the Vulnerable Software and Affected Versions: Veritas Resiliency Platform versions prior to 3.4 HF1
Description: An issue allows a user with sufficient privileges to overwrite any file in the virtual machine through a directory traversal vulnerability when uploading an application bundle...
CVE-2019-3741
Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s password, including that of a user with admin privileges, is stored in plain text in Unity Data Collection bundle log files for troubleshooting. A local authenticated attacker...
CVE-2017-12652
creationtimestamp | type | source
---|---|---
2019-07-10 18:35:32+00:00 | seen | https://t.me/cibsecurity/5455
2019-07-17 16:27:16+00:00 | seen | https://t.me/cibsecurity/5567
2025-02-14 16:37:45+00:00 | seen | https://vulnerability.circl.lu/bundle/7d76c81b-048b-457f-800a-dc4e82520dd3...
Vulnerability to bypass two-factor authentication with unverified JWT trusted device token
Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively bypassing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...
TwitterShadowBan - Twitter Shadowban Tests
One-page web app, testing Twitter users for conventional and QFD shadowbans.
Setup
Browser compatibility needs transpiling. Nothing fancy, just the usual babel magic.
    git clone https://github.com/shadowban-eu/TwitterShadowBanV2 && cd TwitterShadowBanV2
    npm install
Since we are using a php backend...
CompTIA Certification Training — Get Online Courses @ 95% OFF
The Information Technology industry has seen exponential growth over the years. It is essential for everyone to earn cybersecurity certification if you want to be a part of this growing industry. Organizations always prefer employees with strong internationally-recognized professional...
3d-box (>=0.0.3 <=0.0.7), @500tech/react-scripts (>=1.1.3 <=5.1.0-beta.4) +1069 more potentially affected by unknown CVE via webpack-bundle-analyzer (>=1.4.1 <=3.2.0)
webpack-bundle-analyzer NPM version =1.4.1, =0.0.3, =1.1.3, =1.0.0, =1.0.0, =0.9.0, =0.0.1-canary.49, =0.1.3, =1.0.0, =0.0.1, =1.0.1-0, =2.1.0, =2.1.2-4, =1.0.1-0, =2.3.0-beta.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PGR8-JG6H-8GW6...
Cross-Site Scripting in webpack-bundle-analyzer
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later...
GHSA-PGR8-JG6H-8GW6 Cross-Site Scripting in webpack-bundle-analyzer
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify without properly escaping input which may lead to Cross-Site Scripting. Recommendation Upgrade to version 3.3.2 or later...
UBUNTU-CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
Input validation
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle...
CVE-2019-10909
The CVE affects Symfony framework-bundle: 2.x up to 2.7.51, 2.8.x up to 2.8.50, 3.x up to 3.4.26, 4.x up to 4.1.12, and 4.2.x up to 4.2.7. Root cause: validation messages are not escaped in the PHP templating engine, enabling XSS when user input is included. Impact: cross-site scripting in applic...
Buffer Over-read
Open vSwitch is vulnerable to a buffer over-read. A remote unauthenticated attacker could cause denial of service conditions during BUNDLE action decoding via a buffer over-read. Affected is the function decodebundle in the library lib/ofp-actions.c...
Improper Access Control
Oracle Java SE is vulnerable to improper access control. This is because the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making the...
Fedora 30 : python-urllib3 (2019-6afaa38e7b)
- Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched.
- Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified https://www.openwall.com/lists/oss-security/2019/04/17/3
Full changelog at:...
Fedora 28 : python-urllib3 (2019-8560719e80)
- Fix an issue similar to CVE-2018-20060 where the authorization header was removed only when the case matched.
- Fix an issue where the system CA bundle was loaded even when an alternate bundle was explicitly specified https://www.openwall.com/lists/oss-security/2019/04/17/3
Full changelog at:...