4559 matches found
DEBIAN-CVE-2019-13105
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem...
a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +656 more potentially affected by CVE-2019-14233 via django (>=2.2.0 <=2.2.3)
django PYPI version =2.2.0, =1.0.0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =2.0.0, =0.1.0, =1.1.0, =1.4.1, =1.6.0 - aiida-crystal17 =0.11.0 and more Source cves: CVE-2019-14233 Source advisory: OSV:GHSA-H5JV-4P7W-64JG...
admindjango-ckeditor-blog (=0.1.0), aileen (>=0.2.0.dev20181221 <=0.2.1) +43 more potentially affected by CVE-2019-14232 via django (>=1.11.0 <=1.11.22)
django PYPI version =1.11.0, =0.2.0.dev20181221, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =1.0.1 - django-defender =0.5.0 and more Source cves: CVE-2019-14232 Source advisory: OSV:GHSA-C4QH-4VGV-QC6G...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-14232 via django (>=2.1.0 <=2.1.10)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-14232 Source advisory: OSV:GHSA-C4QH-4VGV-QC6G...
Jolokia Cross-Site Request Forgery Vulnerability (CNVD-2019-26164)
Jolokia is an open source project that provides remote JMX management using JSON over HTTP; it offers JMX batch operations, security policies and so on. A cross-site request forgery vulnerability exists in Jolokia versions 1.2.0 through 1.6.0. The vulnerability stems from a WEB application tha...
Magento cross-site scripting vulnerability (CNVD-2019-26244)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A cross-site scripting vulnerability exists in the admin panel in Magento versions 2.1.18 before 2.1, 2.2.9 befor...
PT-2019-17011 · IBM · IBM Jazz for Service Management
Name of the Vulnerable Software and Affected Versions: IBM Jazz for Service Management versions 1.1.3 through 1.1.3.2 Description: The issue could allow an unauthorized local user to create unique catalog names, potentially causing a denial of service. Recommendations: For versions 1.1.3 through...
br.jus.stf.digital:core (>=2.0.0 <=2.3.1), cloud.altemista.fwk.microservices:cloud-altemistafwk-core-microservices-zipkin-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE) +983 more potentially affected by CVE-2019-10184 via io.undertow:undertow-servlet (>=1.0.0.Alpha1 <=2.0.22.Final)
io.undertow:undertow-servlet MAVEN version =1.0.0.Alpha1, =2.0.0, =3.0.0.RELEASE, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.1.4-jdk1.8-RELEASES, =0.0.4, =0.2.7, =0.0.1, =0.0.1, =0.0.1, =0.2.0, =0.7.0 and more Source cves: CVE-2019-10184 Source advisory: OSV:GHSA-W69W-JVC7-WJGV...
org.apache.storm:storm-kafka-client-examples (>=1.1.0 <=1.2.2), uk.co.gresearch.siembol:config-editor-sync (>=1.0.0 <=1.3.0) potentially affected by CVE-2018-11779 via org.apache.storm:storm-kafka-client (>=1.1.0 <=1.2.2)
org.apache.storm:storm-kafka-client MAVEN version =1.1.0, =1.1.0, =1.0.0, =1.3.0 Source cves: CVE-2018-11779 Source advisory: OSV:GHSA-25PC-85QF-6J69...
IBM StoredIQ Input Validation Error Vulnerability
IBM StoredIQ is a suite of data visualization and processing platforms from IBM, USA. The platform provides scalable analytics and governance of unstructured data, as well as records management, storage optimization and migration of data. An input validation error vulnerability exists in IBM...
serde-yaml denial of service vulnerability
serde-yaml is a Rust library that supports the use of both the Serde serialization framework and data in YAML format. A security vulnerability exists in serde-yaml versions 0.6.0 through 0.8.3. An attacker can exploit this vulnerability to cause a denial of service...
Oracle E-Business Suite Component Access Control Error Vulnerability (CNVD-2019-28435)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. iSupport is one of the Internet-based customer support...
UBUNTU-CVE-2019-12472
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...
UBUNTU-CVE-2018-19574
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page...
GitLab Resource Management Issues Vulnerabilities
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
UBUNTU-CVE-2019-13178
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set...
django-aesfield (=3.0.0), django-autoconfig (=0.8.0) +11 more potentially affected by CVE-2019-12781 via django (>=2.1.0 <=2.1.1)
django PYPI version =2.1.0, =0.1.0, =0.1.0, =0.3.0, =1.7.3, =0.0.3, =1.1.0, =0.1.2, =1.0.0rc2, =0.1.0, =0.2.0.dev2 Source cves: CVE-2019-12781 Source advisory: OSV:PYSEC-2019-10...
PT-2019-16985 · IBM · IBM InfoSphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 11.3 through 11.7 Description: A Cross-Frame Scripting issue allows an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. Recommendations: For IBM InfoSphere...
CVE-2018-1858
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256...
CVE-2018-2011
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150...