Lucene search

1227 matches found

OSV
added 2019/05/28 7:29 p.m. · 27 views

CVE-2019-0188

Apache Camel prior to 2.24.0 contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed...

CVSS 7.5 · AI score 7.6 · EPSS 0.00961
Exploits: 0 · References: 16

Japan Vulnerability Notes
added 2019/05/22 12:0 a.m. · 155 views

JVN#71498764: Apache Camel vulnerable to XML external entity injection (XXE)

Apache Camel provided by The Apache Software Foundation contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. Impact By processing a specially crafted request, an arbitrary file on the server may be read. Solution Update the...

CVSS 7.5 · AI score 7.6 · EPSS 0.00961
Exploits: 0

Tenable Nessus
added 2019/05/15 12:0 a.m. · 111 views

JQuery < 3.0.0 XSS

The version of JQuery library hosted on the remote web server is prior to 3.0.0. It is, therefore, affected by a cross site scripting vulnerability when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed C Tenable Network Securit...

CVSS 6.1 · AI score 6.7 · EPSS 0.18007
Exploits: 2 · References: 2

OSV
added 2019/04/06 12:0 p.m. · 18 views

RUSTSEC-2019-0039 typemap is Unmaintained

The maintainer seems unreachable. The crate may or may not be usable as-is despite no maintenance and may not work in future versions of Rust. The last release seems to have been seven years ago. Possible Alternatives The below list has not been vetted in any way and may or may not contain...

AI score 7.2
Exploits: 0 · References: 4

ATTACKERKB
added 2019/04/02 12:0 a.m. · 30 views

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. Recent assessments: rootOptional at March 09, 2020 9:03pm UTC reported: This CVE is fairly obscure due to it being present in the WordPre...

CVSS 9.8 · AI score 1.3 · EPSS 0.88762
Exploits: 6 · References: 6

Patchstack
added 2019/03/28 12:0 a.m. · 11 views

WordPress article2pdf plugin <=0.27 - Multiple vulnerabilities

Multiple vulnerabilities found by Christian Lerrahn in WordPress article2pdf plugin versions <=0.27. Solution 2019 March 28 - we were unable to find a patched version of this plugin. Last time updated ten years ago, closed by WordPress for security reasons...

AI score 2.9
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2019/03/21 4:1 p.m. · 12 views

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

CVSS 9.8 · AI score 9.3 · EPSS 0.00142
Exploits: 3 · References: 3

Cvelist
added 2019/03/19 5:26 p.m. · 13 views

CVE-2019-5723

An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreover, the encryption key is static and too short. Due to this, the passwords stored by the applicatio...

AI score 9.4 · EPSS 0.00142
Exploits: 3 · References: 3

CVE
added 2019/03/19 5:26 p.m. · 44 views

CVE-2019-5723

CVE-2019-5723 affects Portier Vision 4.4.4.2 and 4.4.4.6. The issue is cryptographic: passwords are stored with reversible encryption using an outdated Vigenère algorithm, and the encryption key is static and too short, enabling easy decryption of stored passwords. This impacts confidentiality (h...

CVSS 9.8 · AI score 9.2 · EPSS 0.00142
Exploits: 3 · References: 3 · Affected Software: 1

OpenVAS
added 2019/03/17 12:0 a.m. · 491 views

Discourse 'CVE-2019-5418' LFI Vulnerability - Active Check

Discourse is prone to a LFI Local File Inclusion vulnerability if the hosting system is running an outdated version of Ruby on Rails. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS 7.8 · AI score 7.1 · EPSS 0.94318
Exploits: 19 · References: 6

OpenVAS
added 2019/03/17 12:0 a.m. · 2248 views

Ruby on Rails 'CVE-2019-5418' LFI (Local File Inclusion) Vulnerability

The web application on the remote host is prone to a LFI Local File Inclusion vulnerability if the hosting system is running an outdated version of Ruby on Rails. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

CVSS 7.8 · AI score 7.2 · EPSS 0.94318
Exploits: 19 · References: 6

OpenVAS
added 2019/03/16 12:0 a.m. · 5603 views

Report outdated / end-of-life Scan Engine / Environment (local)

This script checks and reports an outdated or end-of-life scan engine for the following environments: - Greenbone Community Edition - Greenbone Free formerly Greenbone Enterprise TRIAL, Greenbone Security Manager TRIAL / Greenbone Community Edition VM used for this scan. NOTE: While this is not, ...

AI score 5.8
Exploits: 0 · References: 13

OSV
added 2019/02/18 11:56 p.m. · 17 views

GHSA-8P52-7CXV-6C95 Downloads Resources over HTTP in curses

Affected versions of curses insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

CVSS 9.3 · AI score 8.1 · EPSS 0.00735
Exploits: 0 · References: 3

Github Security Blog
added 2019/02/18 11:45 p.m. · 15 views

Downloads Resources over HTTP in native-opencv

Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 9.3 · AI score 6 · EPSS 0.00735
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2019/02/18 11:34 p.m. · 21 views

GHSA-MQ76-M7GV-XHFM sauce-connect downloads Resources over HTTP

Affected versions of sauce-connect insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 8.1 · AI score 8.1 · EPSS 0.00735
Exploits: 0 · References: 3

IBM Security Bulletins
added 2019/02/06 9:35 p.m. · 20 views

Security Bulletin: IBM QRadar SIEM uses outdated hash algorithms. (CVE-2017-1695)

Summary The software uses an outdated or insecure cryptographic library or it is using a proprietary crypto standard which is likely to be vulnerable. Vulnerability Details CVEID: CVE-2017-1695 DESCRIPTION: IBM QRadar uses weaker than expected cryptographic algorithms that could allow an attacker...

CVSS 7.5 · AI score 0.7 · EPSS 0.00145
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2019/01/28 12:0 a.m. · 2 views

PT-2019-6328 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.3 Description: The issue is related to a stack-based buffer overflow in the zmLoadUser function, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. This is a...

CVSS 10 · AI score 7.5 · EPSS 0.7558
Exploits: 46 · References: 115

The Hacker News
added 2019/01/24 11:52 a.m. · 177 views

Millions of PCs Found Running Outdated Versions of Popular Software

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing...

AI score 0.5
Exploits: 0

The Hacker News
added 2019/01/24 11:52 a.m. · 2 views

Millions of PCs Found Running Outdated Versions of Popular Software

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing...

AI score 6.4
Exploits: 0

Tenable Nessus
added 2019/01/11 12:0 a.m. · 120 views

Apache Tomcat 7.0.0 < 7.0.70

The version of Tomcat installed on the remote host is prior to 7.0.70. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.70security-7 advisory. - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70...

CVSS 7.8 · AI score 7.4 · EPSS 0.40246
Exploits: 0 · References: 3