
1895 matches found

OSV
added 2019/07/01 3:15 p.m. | 1 views

CVE-2019-4057

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567...

6.7 CVSS | 7.3 AI score
Exploits: 0 | References: 2
UbuntuCve
added 2019/06/21 2:15 p.m. | 19 views

CVE-2016-7404

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...

9.8 CVSS | 7.2 AI score | 0.00329 EPSS
Exploits: 0 | References: 2
OSV
added 2019/06/07 3:13 p.m. | 6 views

OPENSUSE-SU-2019:1527-1 Security update for rmt-server

This update for rmt-server to version 2.1.4 fixes the following issues: - Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 - Mirror additional repos that were enabled during mirroring bsc1132690 - Make service IDs consistent across different RMT instances bsc1134428 - Make SMT data...

9.8 CVSS | 9.1 AI score | 0.12118 EPSS
Exploits: 3 | References: 15
Talos
added 2019/06/04 12:0 a.m. | 148 views

Jenkins Artifactory Plugin fillCredentialsIdItems information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the fillCredentialsIdItems endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled -...

4.3 CVSS | 4.5 AI score | 0.00249 EPSS
Exploits: 1
OSV
added 2019/06/03 7:29 p.m. | 1 views

CVE-2019-6743

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

8.8 CVSS | 7.5 AI score | 0.00608 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2019/05/31 12:0 a.m. | 27 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1381-1)

This update for rmt-server to version 2.1.4 fixes the following issues : Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 Mirror additional repos that were enabled during mirroring bsc1132690 Make service IDs consistent across different RMT instances bsc1134428 Make SMT data import...

9.8 CVSS | 7.2 AI score | 0.12118 EPSS
Exploits: 3 | References: 17
Tenable Nessus
added 2019/05/28 12:0 a.m. | 34 views

Fedora 30 : mod_http2 (2019-08e57d15fd)

Code cleanups and Simplifications : - in stream instance and main connection output handling for a common strategy in h2/h2c versions of the protocol. Stream instances are kept in one place which will make future optimizations in state handling easier. - Discarding idea of re-using bucket beams a...

5.3 CVSS | 6.7 AI score | 0.08584 EPSS
Exploits: 0 | References: 2
Circl
added 2019/05/24 12:0 p.m. | 5 views

CVE-2019-2557

creationtimestamp | type | source
---|---|---
2019-05-24 12:00:04+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/oatsdownloadservlettraversal.rb
2025-02-06 03:13:44+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:10:15+00:00|...

6.5 CVSS | 6.6 AI score | 0.55917 EPSS
Exploits: 3 | References: 1
Circl
added 2019/05/21 12:0 a.m. | 5 views

CVE-2019-8605

creationtimestamp | type | source
---|---|---
2019-05-21 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/46892
2019-08-20 17:05:55+00:00 | exploited | https://t.me/thehackernews/429
2020-10-09 14:05:40+00:00 | seen | MISP/6d574aa3-3f1c-4275-acc4-bf5bc91f11b6
2021-03-20 18:08:16+00:00|...

9.3 CVSS | 7.3 AI score | 0.1376 EPSS
Exploits: 6 | References: 7
OSV
added 2019/05/08 5:29 p.m. | 1 views

CVE-2019-2046

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...

9.8 CVSS | 7.9 AI score | 0.01182 EPSS
Exploits: 0 | References: 1
Veracode
added 2019/05/02 5:19 a.m. | 23 views

Denial Of Service

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access...

6.8 CVSS | 6.3 AI score | 0.0197 EPSS
Exploits: 0 | References: 10 | Affected Software: 1
Citrix
added 2019/04/25 12:0 a.m. | 4 views

ADM not giving deploy option after running deployment_type.py

When running the deployment_type.py to prepare an ADM instance for HA pairing, after reboot the deploy tab is missing...

7.1 AI score
Exploits: 0
Hacker One
added 2019/04/23 9:9 a.m. | 1140 views

Nextcloud: Remote Code Execution via Extract App Plugin

Hi, I found a critical issue in the Add-on "Extract" listed in the Nextcloud Marketplace: https://apps.nextcloud.com/apps/extract This extension can be installed directly from Nextcloud Application The vulnerability was found in file: extract/lib/Controller/ExtractionController.php line 102. The...

0.3 AI score
Exploits: 0
NVD
added 2019/04/18 1:29 a.m. | 12 views

CVE-2019-1805

A vulnerability in certain access control mechanisms for the Secure Shell SSH server implementation for Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...

5.4 CVSS | 4.8 AI score | 0.00093 EPSS
Exploits: 0 | References: 2
Veeam
added 2019/04/15 5:6 p.m. | 10 views

License Auto Update fails after applying Update 4

Challenge License Auto Update fails Cause Any licenses obtained prior to U4 are now known as 'Legacy Licenses'. Auto Update functionality cannot migrate a Legacy License to the new Veeam Instance License. The message most likely received is: Error Server message: License key type is not supported...

6.8 AI score
Exploits: 0
Qualys Blog
added 2019/04/10 5:47 p.m. | 44 views

Qualys Cloud Platform 2.38 New Features

This release of the Qualys Cloud Platform version 2.38 includes updates and new features for AssetView, Web Application Firewall, and Web Application Scanning, highlights as follows. AssetView Azure Instance State search token and Dynamic Tag Support – A new search token "azure.vm.state" is added...

0.1 AI score
Exploits: 0
OSV
added 2019/04/09 4:29 p.m. | 23 views

CVE-2019-3795

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...

5.3 CVSS | 5.1 AI score | 0.00548 EPSS
Exploits: 0 | References: 3
Prion
added 2019/03/25 7:29 p.m. | 34 views

Path traversal

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

10 CVSS | 9.8 AI score | 0.94471 EPSS
Exploits: 20 | References: 5 | Affected Software: 2
ATTACKERKB
added 2019/03/25 12:0 a.m. | 54 views

CVE-2019-3396

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 the fixed version for 6.6.x, from version 6.7.0 before 6.12.3 the fixed version for 6.12.x, from version 6.13.0 before 6.13.3 the fixed version for 6.13.x, and from version 6.14.0 before 6.14.2 the fixed version for...

10 CVSS | 9.8 AI score | 0.94471 EPSS
In wild | Exploits: 20 | References: 7
0day.today
added 2019/03/19 12:0 a.m. | 35 views

Google Chrome < M73 - MidiManagerWin Use-After-Free Exploit

Google Chrome M73 - MidiManagerWin Use-After-Free Exploit MidiManagerWin uses a similar instanceid mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instanceid is an int,...

8.8 CVSS | 0.6 AI score | 0.19638 EPSS
Exploits: 1