VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. Date published : 2018-05-22 http://www.securityfocus.com/bid/104235 https://www.vmware.com/security/advisories/VMSA-2018-0013.html
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. Date published : 2018-05-22 http://www.securityfocus.com/bid/104141...
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL...
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely...
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. Date published : 2018-05-22 http://www.securityfocus.com/bid/104268 https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue...
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data...
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. Date published : 2018-05-22 https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add https://github.com/radare/radare2/issues/9903
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler...
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. Date published : 2018-05-22 https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff https://github.com/radare/radare2/issues/10091
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. Date published : 2018-05-22 https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3 https://github.com/radare/radare2/issues/9902
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. Date published : 2018-05-22 https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134 https://github.com/radare/radare2/issues/9970
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. Date published : 2018-05-22 https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c https://github.com/radare/radare2/issues/9926