Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. Date published : 2019-02-20...
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. Date published : 2019-02-20 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/ https://www.libraw.org/news/libraw-0-19-2-release
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. Date published : 2019-02-20 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/ https://www.libraw.org/news/libraw-0-19-2-release
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. Date published : 2019-02-20 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/ https://www.libraw.org/news/libraw-0-19-2-release
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser...
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. Date published...
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. Date published : 2019-02-20 https://www.liquidware.com/content/pdf/documents/support/Liquidware-ProfileUnity-Release-Notes.pdf
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. Date published : 2019-02-20 https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker...
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. Date published : 2019-02-20 http://www.iwantacve.cn/index.php/archives/112/
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. Date published : 2019-02-20 https://www.exploit-db.com/exploits/46538/ https://cxsecurity.com/issue/WLB-2019020153
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Date published : 2019-02-20 http://www.securityfocus.com/bid/107375 https://seclists.org/bugtraq/2019/May/18
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827....
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use...