Rancher Labs Rancher Privilege Permission and Access Control Issues Vulnerability
Rancher Labs Rancher is an open source enterprise-class container management platform from Rancher Labs, Inc. of the United States. A privilege and access control vulnerability exists in Rancher Labs Rancher versions 2.0.0 through 2.1.5. The vulnerability stems from a lack o...
ALPINE-CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...
IBM API Connect Encryption Issue Vulnerability
IBM API Connect (APIConnect) is a suite of integrated solutions from IBM USA for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. An encryption issue vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.5,...
Apache JSPWiki Information Disclosure Vulnerability
Apache JSPWiki is an open source WikiWiki engine from the U.S. Apache Software Foundation, built with Java, Servlets and JSP. A security vulnerability exists in Apache JSPWiki versions 2.9.0 through 2.11.0.M2. The vulnerability can be exploited by an attacker to obtain the details of a...
ALPINE-CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...
UBUNTU-CVE-2018-12546
In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...
UBUNTU-CVE-2018-18898
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing...
ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +643 more potentially affected by CVE-2018-1334 via org.apache.spark:spark-core_2.10 (>=1.0.0 <=2.1.2)
org.apache.spark:spark-core_2.10 MAVEN version =1.0.0, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =0.17.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2018-1334 Source advisory: OSV:GHSA-6MQQ-8R44-VMJC https://vulners.com/osv/OSV:GHSA-6MQQ-8R44-VMJ...
RubyGems Code Execution Vulnerability (CNVD-2019-12146)
RubyGems is a Ruby package manager from the RubyGems organization. The product is mainly used for publishing and managing Ruby packages. A security vulnerability exists in the verbose method of RubyGems versions 2.6 through 3.0.2, which stems from Gem::UserInteraction#verbose failing to escape before calling...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2019-06160)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...
PT-2019-16847 · Ibm · Ibm Sterling B2B Integrator
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 5.2.0.1 through 6.0.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
CVE-2019-8983
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS issue 1 of 2...
@loke/mysql-orm (=1.12.0), @weiqiwang/nodejs-develop-kit (=1.2.0) +179 more potentially affected by CVE-2016-10550 via sequelize (>=1.0.2 <=3.14.2)
sequelize NPM version =1.0.2, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.0.5, =0.0.1, =0.0.1, =2.0.0, =0.0.1, =0.0.2-a, =0.0.131-a and more Source cves: CVE-2016-10550 Source advisory: OSV:GHSA-98PQ-PMW9-4GPM...
mod_jk: connector path traversal due to mishandled HTTP requests in httpd
The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...
CVE-2019-3823
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol call rea...
CVE-2017-1177
IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429...
bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 - bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions that made the same error may also ...
PT-2019-3932 · Apache +7 · Apache Http Server +7
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.34 through 2.4.38 Description: A vulnerability was found in the implementation of the HTTP/2 protocol in the Apache HTTP Server. The issue is related to the handling of HTTP requests. When HTTP/2 was enabled fo...
Joomla! cross-site scripting vulnerability (CNVD-2019-14557)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in mod_banners in Joomla! versions 2.5...
UBUNTU-CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...