Fedora 30 : phpMyAdmin (2019-6404181bf9)
Upstream announcement: Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-scheduled bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...
CB Threat Analysis Unit: Technical Analysis of “Crosswalk”
The technical analysis is related to the TAU-TIN for the same malware which can be located in this post. FireEye recently reported on APT41, a Chinese state sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditiona...
Update Rollup 8 for System Center 2016 Orchestrator
Introduction: This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed: Runbook performing SQ...
WordPress Ultimate FAQ plugin <= 1.8.24 - Unauthenticated Options Import/Export vulnerability
Unauthenticated Options Import/Export vulnerability found by Jerome Bruandet in WordPress Ultimate FAQ plugin versions <= 1.8.24. Solution: Update the WordPress Ultimate FAQ plugin to the latest available version (at least 1.8.25)...
Ultimate FAQ < 1.8.25 - Unauthenticated Options Import/Export
The Ultimate FAQ – WordPress Q Plugin WordPress plugin was affected by an Unauthenticated Options Import/Export security vulnerability...
WordPress LifterLMS plugin privilege escalation vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. A vulnerability exists in the 'uploadimport' function in the class.llms.admin.import.php script in LifterLMS plugin version 3.34.5 and earlier. An attacker can exploit this vulnerability to...
CVE-2019-15732
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions...
CVE-2019-15732
Removed by vendor...
WordPress Import users from CSV with meta Plugin < 1.14.0.3 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.113521");...
WordPress Import users from CSV with meta Plugin < 1.14.1.3 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.113522");...
WordPress Import users from CSV with meta Plugin < 1.14.2.1 Directory Traversal Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.113523");...
CVE-2019-12996
In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe...
Design/Logic Flaw
In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe...
CVE-2019-12996
CVE-2019-12996 affects Mendix 7.23.5 and earlier. The issue arises in XML import mappings where DOCTYPE declarations in the XML input can be processed, described as potentially unsafe. The connected documents confirm the affected version range but do not provide concrete exploit details, affected...
CVE-2019-15896
An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The uploadimport function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility...