PT-2019-4343 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.837 Description: The issue concerns a CSRF vulnerability in the forgot password function, allowing an attacker to change the password for the root account. This vulnerability can be exploited by a remote attacke...
CVE-2019-5528
VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available...
PT-2019-18500 · Linear · Linear Emerge 50P/5000P
Name of the Vulnerable Software and Affected Versions: Linear eMerge 50P/5000P devices affected versions not specified Description: The issue allows for Cross-Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application...
ABB IDAL HTTP Server Stack-Based Buffer Overflow
XL-19-011 - ABB IDAL HTTP Server Stack-Based Buffer Overflow Vulnerability. Identifiers: XL-19-011, CVE-2019-7232, ABBVU-IAMF-1902009. CVSS Score: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected vendor...
ABB HMI Missing Signature Verification
XL-19-005 - ABB HMI Absence of Signature Verification Vulnerability. Identifiers: XL-19-005, CVE-2019-7229, ABBVU-IAMF-1902003, ABBVU-IAMF-1902012. CVSS Score: 8.3 (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Affected...
PT-2019-2429 · Microsoft · Windows Jet Database Engine +1
Name of the Vulnerable Software and Affected Versions: Windows Jet Database Engine affected versions not specified Description: The issue is related to errors in processing objects in memory within the Windows Jet Database Engine of the Windows operating system. It allows a remote attacker to...
PT-2019-18201 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 12.1.0 through 12.1.4; F5 BIG-IP versions 13.0.0 through 13.1.1.4; F5 BIG-IP versions 14.0.0 through 14.1.0.1 Description: The Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with...
Vulnerability fixed in PostgreSQL
Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges is able to obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse of this...
CVE-2014-5401 Hospira MedNet Code Injection
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versio...
GHSA-QX9M-27WH-7FJG Downloads Resources over HTTP in jvminstall
Affected versions of jvminstall insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-5W4P-H4GM-3W26 Downloads Resources over HTTP in jser-stat
Affected versions of jser-stat insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...
GHSA-9GQH-Q4CX-F2H9 ipip downloads Resources over HTTP
Affected versions of ipip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...
GHSA-6Q8Q-RVF4-M4PG dalek-browser-chrome Downloads Resources over HTTP
Affected versions of dalek-browser-chrome insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...
Downloads Resources over HTTP in native-opencv
Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-5PQ8-2Q24-MJ3P Downloads Resources over HTTP in fis-parser-sass-bin
Affected versions of fis-parser-sass-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...
GHSA-XJ62-87PG-VCV3 Regular Expression Denial of Service in jshamcrest
The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept (js): var js = require('jshamcrest'); var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...
GHSA-8CC8-8VVX-FHGW jdf-sass downloads Resources over HTTP
Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
PT-2019-1402 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Description: A remote code execution issue exis...
PT-2019-18337 · Zoneminder +3 · Zoneminder +3
Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.32.3 Description: An issue exists in the software where Reflected XSS is present in the web/skins/classic/views/plugin.php file via the pl parameter in the /zm/index.php?view=plugin API endpoint. Recommendations: For...
PT-2022-5597 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC affected versions not specified Description: The issue is related to the function svg_parse_preserveaspectratio of the SVG Parser component in the GPAC multimedia platform. It is caused by incorrect clearing or freeing of resources,...