PT-2019-4343 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.837 Description: The issue concerns a CSRF vulnerability in the forgot password function, allowing an attacker to change the password for the root account. This vulnerability can be exploited by a remote attacke...

PT-2019-3255 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A remote code execution issue exists due to the improper handling of specially crafted embedded fonts by the Windows font library. This could allow an attacker to take control of the affect...

PT-2019-18500 · Linear · Linear Emerge 50P/5000P

Name of the Vulnerable Software and Affected Versions: Linear eMerge 50P/5000P devices affected versions not specified Description: The issue allows for Cross-Site Request Forgery CSRF, which is a type of attack that tricks a user into performing unintended actions on a web application...

PolarBear

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged...

PT-2019-2429 · Microsoft · Windows Jet Database Engine +1

Name of the Vulnerable Software and Affected Versions: Windows Jet Database Engine affected versions not specified Description: The issue is related to errors in processing objects in memory within the Windows Jet Database Engine of the Windows operating system. It allows a remote attacker to...

Vulnerability fixed in PostgreSQL

Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges to obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse mitigate abuse of this...

GHSA-QX9M-27WH-7FJG Downloads Resources over HTTP in jvminstall

Affected versions of jvminstall insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-3VV5-42WR-M32G Downloads Resources over HTTP in scala-bin

Affected versions of scala-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

GHSA-8R98-RQG5-4VM3 node-browser downloads Resources over HTTP

Affected versions of node-browser insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

GHSA-3X83-P476-VV95 Downloads Resources over HTTP in selenium-standalone-painful

Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

GHSA-5W4P-H4GM-3W26 Downloads Resources over HTTP in jser-stat

Affected versions of jser-stat insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...

GHSA-9GQH-Q4CX-F2H9 ipip downloads Resources over HTTP

Affected versions of ipip insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...

GHSA-7XVG-M3VX-2HHV Downloads Resources over HTTP in webrtc-native

Affected versions of webrtc-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-6Q8Q-RVF4-M4PG dalek-browser-chrome Downloads Resources over HTTP

Affected versions of dalek-browser-chrome insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...

GHSA-6V7P-J23V-4XMW robot-js downloads Resources over HTTP

Affected versions of robot-js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

GHSA-4X5J-V9V9-W8GW Downloads Resources over HTTP in httpsync

Affected versions of httpsync insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

Downloads Resources over HTTP in native-opencv

Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

GHSA-5PQ8-2Q24-MJ3P Downloads Resources over HTTP in fis-parser-sass-bin

Affected versions of fis-parser-sass-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

GHSA-XJ62-87PG-VCV3 Regular Expression Denial of Service in jshamcrest

The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept js var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...

GHSA-8CC8-8VVX-FHGW jdf-sass downloads Resources over HTTP

Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...