Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. Date published : 2018-06-22 https://github.com/slims/slims8_akasia/issues/99
Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. Date published : 2018-06-22 https://github.com/slims/slims8_akasia/issues/98
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this...
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. Date published : 2018-06-22 https://bugs.freedesktop.org/show_bug.cgi?id=106981 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00075.html
Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. Date published : 2018-06-22 https://github.com/Froxlor/Froxlor/commit/aa881560cc996c38cbf8c20ee62854e27f72c73c
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames:...
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. Date published : 2018-06-22 Solid Security – Password, Two Factor Authentication, and Brute...
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete...
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have...
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can...
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned...
Dovecot before version 2.2.29 is vulnerable to a denial of service. When ‘dict’ passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform...
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. Date...
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. Date published : 2018-06-21 http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm