An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of...
IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources....
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a...
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE)...
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could expose password hashes in stored in system memory on target systems that are configured to use TADDM. IBM X-Force ID: 145110. Date published :...
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). Date published : 2019-02-04 https://www.dell.com/support/article/sln316095/
An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible. Date published : 2019-02-04 https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/
An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is...
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. Date published : 2019-02-04 https://www.exploit-db.com/exploits/46305/ https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation...
An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. Date published : 2019-02-04 https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/
When using PySpark , it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2,...
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact–CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack...
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Date published : 2019-02-04 http://www.securityfocus.com/bid/106848 https://www.debian.org/security/2020/dsa-4712