PT-2019-16938 · Ibm · Ibm Security Access Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Access Manager versions 9.0.1 through 9.0.6 Description: The issue arises because the software does not properly verify a user's identity, potentially exposing resources or functionality to unintended actors. Recommendations: For...
PT-2019-16930 · Ibm · Ibm Security Access Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Access Manager versions 9.0.1 through 9.0.6 Description: The issue allows an attacker to potentially spoof a trusted entity by using a man-in-the-middle (MITM) attack due to incorrect certificate validation. Recommendations: For...
EXCELLENT INFOTEK BiYan Information Disclosure Vulnerability
EXCELLENT INFOTEK BiYan is a document management system from EXCELLENT INFOTEK (Jieyin Information), a company in Taiwan, China. An information disclosure vulnerability exists in EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. The vulnerability arises from an error in configuration or other errors in...
EXCELLENT INFOTEK BiYan Information Disclosure Vulnerability (CNVD-2019-18740)
EXCELLENT INFOTEK BiYan is a document management system from EXCELLENT INFOTEK (Jieyin Information), a company in Taiwan, China. An information disclosure vulnerability exists in EXCELLENT INFOTEK BiYan versions 1.57 through 2.8. The vulnerability can be exploited to disclose user information password b...
10by10-react-app (=1.2.1), 1k-utils (>=1.0.0 <=1.0.1) +8629 more potentially affected by CVE-2019-10744 via lodash (>=4.0.0 <=4.17.11)
lodash NPM version =4.0.0, =1.0.0, =0.0.2, =0.1.1, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =0.0.1, =0.2.1, =0.0.2, =0.0.7, =0.4.20, =1.0.7, =1.13.10 and more Source cves: CVE-2019-10744 Source advisory: SNYK:JS-LODASH-450202...
curl: Use-after-free when closing "easy" handle in Curl_close()
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...
DEBIAN-CVE-2019-8321
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...
@codedungeon/gunner (>=0.0.1 <=0.80.1), @codedungeon/laravel-versions-cli (>=0.0.3 <=0.1.0) +74 more potentially affected by unknown CVE via fs-path (>=0.0.22 <=0.0.24)
fs-path NPM version =0.0.22, =0.0.1, =0.0.3, =0.0.9, =1.0.2, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =0.0.40, =1.0.1, =0.0.1, =1.0.1, =0.1.0, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-GC94-6W89-HPQR...
@abhishekdeb/ezmailer (>=0.0.1 <=0.0.2), @aca-1/a2-composer (>=0.1.0 <=0.3.3) +917 more potentially affected by unknown CVE via http-proxy-agent (>=0.2.7 <=2.0.0)
http-proxy-agent NPM version =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.5, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =0.15.0-alpha1, =0.2.0, =0.2.1 - @cdevine49/react-numeric-input =2.2.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8W57-JFPM-945M...
haproxy: Information disclosure in check_request_for_cacheability function in proto_http.c
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function...
rubygems: Escape sequence injection vulnerability in API response handling
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
rubygems: Escape sequence injection vulnerability in errors
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. There are many ways to cause an error...
PYSEC-2019-164
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference...
DEBIAN-CVE-2018-19800
aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo...
CVE-2019-4162
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM...
PT-2019-16973 · Ibm · Ibm Security Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Information Queue (ISIQ) versions 1.0.0 through 1.0.2 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system. Recommendations: For versions 1.0.0 through 1.0.2, consider...
@apifie/node-microservice (>=0.0.1 <=1.0.3), @conversationai/moderator-backend-api (>=1.0.0 <=1.0.6) +101 more potentially affected by unknown CVE via sequelize-cli (>=1.2.0 <=5.4.0)
sequelize-cli NPM version =1.2.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0-beta.1, =2.2.1, =3.1.5, =0.0.10, =0.0.6, =0.0.1, =1.1.7, =1.1.12 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3XC7-XG67-PW99...
abe-cli (>=2.11.3 <=2.14.2), abeadfab (>=2.16.15 <=3.7.20) +25 more potentially affected by unknown CVE via opencv (>=0.0.12 <=5.0.0)
opencv NPM version =0.0.12, =2.11.3, =2.16.15, =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.2, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-F698-M2V9-5FH3...
02moduletest (=1.0.0), 10er10 (=0.23.0) +5715 more potentially affected by unknown CVE via ws (>=0.3.1 <=1.1.4)
ws NPM version =0.3.1, =0.0.1, =1.0.2, =0.0.1, =1.0.1, =0.1.0, =0.0.1, =0.0.15, =0.9.0, =0.0.1, =0.0.1, =0.1.2, =1.0.0-alpha1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5V72-XG48-5RPM...
ALPINE-CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1...