IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user’s control. If the...
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote...
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+=’?u202auFEFFu202b’; concatenation in a SCRIPT element. Date published...
A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of...
In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014....
** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment via a...
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. Date published : 2018-05-07 https://security.gentoo.org/glsa/201811-14 https://bugzilla.redhat.com/show_bug.cgi?id=1575201
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. Date published : 2018-05-07 http://www.securityfocus.com/bid/104089 http://bugzilla.maptools.org/show_bug.cgi?id=2788
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than...
Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Date published : 2018-05-07 https://docs.google.com/document/d/11Ms9j82hpH8iA0oc4QH0qUG6gq-ZOiqI0YroAFMrcD8/edit
The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact. Date published : 2018-05-07 https://docs.google.com/document/d/1gkHfRWO9f-FTBhZ3ZT3RMZZ_JbJ18ZIkH2GlVTV35cQ/edit
NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml. Date published : 2018-05-07...
Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml. Date published : 2018-05-07...