[SECURITY] Fedora 30 Update: evince-3.32.0-3.fc30
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
The vulnerability of the eLearning Server 4G system management and development system lies in the lack of checks on the input data for HTML tags. This allows a malicious individual to alter the main text of web pages or execute arbitrary code in the user’s browser.
The vulnerability of the eLearning Server 4G system management and development system is related to the lack of checks on the input data for the presence of HTML tags including a tag containing JavaScript code. Exploiting this vulnerability could allow an attacker to modify the main text of the...
PT-2019-12489 · Eclipse · Eclipse Buildship
Name of the Vulnerable Software and Affected Versions: Eclipse Buildship versions prior to 3.1.1. Description: The issue arises from Eclipse Buildship resolving dependencies over HTTP instead of HTTPS, making the artifacts susceptible to Man-In-The-Middle (MITM) attacks. This could lead to the...
Gemalto Admin Control Center Access Control Error Vulnerability
Gemalto Admin Control Center is a set of Web-based Sentinel user tools from Gemalto. The product is mainly used to query and manage hardware and software Sentinel license keys. A security vulnerability exists in Gemalto Admin Control Center versions prior to 7.92, which stems from the program's u...
ALPINE-CVE-2019-0197
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...
UBUNTU-CVE-2019-0197
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...
USN-4009-2 php5 vulnerabilities
USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoded certain MIME headers. A remote attacker could possibly use this issue to cause PHP t...
PHP EXIF Extended Buffer Overflow Vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. The EXIF extension is one of the...
CVE-2019-6756
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
UBUNTU-CVE-2019-11040
When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...
XSS Vulnerability at Private Messages in JEESNS System
JEESNS is an open source social management system developed on the Java enterprise-level platform. The JEESNS system has an XSS vulnerability in private messages; an attacker can use the vulnerability to inject arbitrary Web script or HTML...
WellCMS X has an XSS vulnerability
WellCMS X is a mobile-oriented content management product. An XSS vulnerability exists in WellCMS X, which can be exploited to inject arbitrary web script or HTML...
CVE-2018-13992
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default...
CVE-2019-11641
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system...
The vulnerability of the User Interface sub-component of the Oracle Trade Management component in the Oracle E-Business Suite, which allows a malicious actor to gain unauthorized access to protected data.
The vulnerability of the User Interface component of the Oracle Trade Management component in the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using th...
The vulnerability of the BI Publisher Security sub-component of the BI Publisher reporting tool (formerly XML Publisher) allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the BI Publisher Security sub-component of the BI Publisher reporting tool (formerly XML Publisher) is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using...
The vulnerability of the sub-component Application Server of the PeopleSoft Enterprise PT PeopleTools component of the Oracle PeopleSoft Products allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Application Server sub-component of the PeopleSoft Enterprise PT PeopleTools business application suite from Oracle PeopleSoft Products is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to...
The vulnerability of the sub-component “Job Opening” in the PeopleSoft Enterprise HCM Talent Acquisition Manager component of the Oracle PeopleSoft products allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Job Opening sub-component of the PeopleSoft Enterprise HCM Talent Acquisition Manager component of the Oracle PeopleSoft products is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify...
The vulnerability of the BI Publisher Security sub-component of the BI Publisher reporting tool (formerly XML Publisher) allows a malicious individual to gain access to modify, add, or delete data.
The vulnerability of the BI Publisher Security sub-component of the BI Publisher reporting tool (formerly XML Publisher) is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to gain access to modify, add, or delete data using the HTTP protocol...
CVE-2019-2725
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...