IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against...
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429. Date...
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending...
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption...
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site,...
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,...
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. Date published : 2019-02-21 https://help.signiant.com/manager-agents/installation/release-notes/
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart)...
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). Date published : 2019-02-21 https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). Date published : 2019-02-21 https://www.altn.com/Support/SecurityUpdate/MD021519_MDaemon_EN/
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. Date published : 2019-02-21 https://www.exploit-db.com/exploits/45158
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. Date published : 2019-02-21 http://www.securityfocus.com/bid/107120...
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled. Date published : 2019-02-21 https://github.com/huzr2018/orderby_SQLi