CVE-2019-11497

In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...

CVE-2019-2599

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Pagelet Wizard. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

Nagios XI Cross-Site Scripting Vulnerability (CNVD-2019-23522)

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A cross-site scripting vulnerability exists in the Auto-Login administrator management page in Nagios XI...

Nagios XI Access Control Error Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. An access control error vulnerability exists in the coreconfigsnapshot.php page in Nagios XI versions prior...

RedwoodHQ Bypass Authentication Vulnerability

RedwoodHQ is an open source automated testing framework. The product supports programming languages such as Java, Groovy, Python and C and is capable of creating readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...

Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component Access Control Error Vulnerability (CNVD-2019-28270)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle Corporation. The products provide human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise PeopleTools is one of the tools and technology platform...

CVE-2018-6707

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent MA 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism...

LibSass Denial of Service Vulnerability (CNVD-2018-24636)

LibSass is an open source written in C using Sass CSS extension language parser . A denial of service vulnerability exists in the inspect.cpp file in LibSass version 3.5.5, which can be exploited by an attacker to cause a denial of service with the help of a specially crafted sass input file...

CVE-2018-16097

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate...

Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2019-28246)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...

Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2019-28260)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...

Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2019-28243)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...

GHSA-2J2X-HX4G-2GF4 In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

CVE-2018-3202

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Performance Monitor. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2018-3192

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Query. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...

CVE-2018-3154

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Portal. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2018-2788

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Fluid Core. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

Arbitrary File Upload Vulnerability in CLTPHP Version 5.5.3

CLTPHP is a content management system based on ThinkPHP5 development with Layui framework in the backend. CLTPHP version 5.5.3 suffers from an arbitrary file upload vulnerability, which allows an attacker to directly upload malicious scripts without any privileges and control the web server...

Trend Micro Email Encryption Gateway Cross-Site Request Forgery Vulnerability

Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway TMEEG is one of the gateway products that provides data protection. A cross-site request forgery vulnerability exists in Trend Micro Email Encryptio...

SQL Injection Vulnerability in Daimi CMS v5.5.3

DAMI CMS is a free open source, fast, simple PC station and cell phone station integration integration system, is committed to providing users with simple, fast PC station and smart phone station solutions. A SQL injection vulnerability exists in the version V5.5.32017-04-15 of DAMI CMS, which ca...