CVE-2019-4039

IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local attacker to cause a denial of service within the error log reporting system. IBM X-Force ID: 156163...

PT-2019-4185 · Gnome +5 · Gnome Glib +5

Name of the Vulnerable Software and Affected Versions: GNOME GLib versions 2.15.0 through 2.61.1 Description: The issue is related to the file copy fallback function in the gio/gfile.c file, which does not properly restrict file permissions during a copy operation. Instead of using restricted...

CVE-2019-5946

Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen...

CVE-2019-5938

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'...

com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5), gradle.plugin.com.bytekast:serverless-local-apigateway (>=0.4 <=0.5) +1 more potentially affected by CVE-2019-11808 via io.ratpack:ratpack-groovy (>=0.9.0 <=1.6.0)

io.ratpack:ratpack-groovy MAVEN version =0.9.0, =0.4, =0.4, =0.9.0, =1.10.0-milestone-39 Source cves: CVE-2019-11808 Source advisory: OSV:GHSA-54MG-VGRP-MWX9...

rubygems: Escape sequence injection vulnerability in API response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

DEBIAN-CVE-2019-11494

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command...

CVE-2018-13994

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections...

PT-2019-18199 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.5.2 through 11.5.8 F5 BIG-IP versions 11.6.1 through 11.6.3.4 F5 BIG-IP versions 12.1.0 through 12.1.4 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.1.0.1 Description: A user with the...

CVE-2018-16718

An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument...

abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +360 more potentially affected by CVE-2018-7575 via tensorflow (>=1.0.1 <=1.7.0)

tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.3.1, =0.1.0, =0.4.2, =0.1.0, =0.4.0, =0.1.0, =0.3.1 and more Source cves: CVE-2018-7575 Source advisory: OSV:GHSA-MW6V-CRH8-8533...

PT-2019-3525 · Dovecot +3 · Dovecot +3

Name of the Vulnerable Software and Affected Versions: Dovecot versions 2.3.3 through 2.3.5.2 Description: The issue is related to the implementation of the Internet Message Access Protocol IMAP in the Dovecot mail server, specifically a null pointer dereference. This can be exploited by a remote...

Cybozu Garoon path traversal vulnerability (CNVD-2019-12702)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A path traversal vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.10.1, which originates when a...

Cybozu Garoon Privilege Access Control Issue Vulnerability (CNVD-2019-12703)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A vulnerability exists in the privilege access control issue in Cybozu Garoon versions 4.0.0 through 4.10.1. The...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2019-12700)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.10.1, which originates from...

Cybozu Garoon Access Control Error Vulnerability (CNVD-2019-12696)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An access control error vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.10.1. The vulnerability...

abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +360 more potentially affected by CVE-2018-7577 via tensorflow (>=1.0.1 <=1.7.0)

tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.3.1, =0.1.0, =0.4.2, =0.1.0, =0.4.0, =0.1.0, =0.3.1 and more Source cves: CVE-2018-7577 Source advisory: OSV:PYSEC-2019-207...

UBUNTU-CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIN...

CVE-2019-2719

Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM subcomponent: Web Applications InfoCenter. Supported versions that are affected are 8.5.1.0 - 8.5.1.7, 8.6.0 and 8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component Access Control Error Vulnerability (CNVD-2019-28266)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle Corporation. The products provide human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise PeopleTools is one of the tools and technology platform...