An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. Date published : 2018-04-28 https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c https://github.com/LibRaw/LibRaw/issues/144
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. Date published : 2018-04-28 https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3 https://github.com/LibRaw/LibRaw/issues/144
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. Date published : 2018-04-28 https://github.com/teameasy/EasyCMS/issues/2
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims’ balances into their account) because certain computations involving...
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. Date published : 2018-04-27 https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/ https://exchange.xforce.ibmcloud.com/vulnerabilities/92099
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Date published : 2018-04-27 https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/ http://secunia.com/advisories/57351
IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855. Date published : 2018-04-27 http://www-01.ibm.com/support/docview.wss?uid=swg21663960 https://exchange.xforce.ibmcloud.com/vulnerabilities/89855
IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to...
IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0...
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. Date published : 2018-04-27 https://github.com/brookinsconsulting/bccie/commit/d11811baccf265ff567dddca03cac70b65838a4f https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-004/?fid=3853
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. Date published : 2018-04-27 https://bugzilla.redhat.com/show_bug.cgi?id=1059410 https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. Date published : 2018-04-27 https://bugzilla.redhat.com/show_bug.cgi?id=1059410 https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force...
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. Date published : 2018-04-27 https://cloudrouter.org/security/ https://git.opendaylight.org/gerrit/#/c/17709/