CVE-2019-3808
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The ‘manage groups’ capability did not have the ‘XSS risk’ flag...
Mitigates a remote code execution issue in ArcSight Logger versions prior to 6.7. Date published : 2019-03-25 https://softwaresupport.softwaregrp.com/doc/KM03355866
Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7. Date published : 2019-03-25 https://softwaresupport.softwaregrp.com/doc/KM03355866
Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. Date published : 2019-03-25 https://softwaresupport.softwaregrp.com/doc/KM03355866
Mitigates an XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. Date published : 2019-03-25 https://softwaresupport.softwaregrp.com/doc/KM03355866
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. Date published : 2019-03-25 https://softwaresupport.softwaregrp.com/doc/KM03355866
Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. Date published : 2019-03-25 https://softwaresupport.softwaregrp.com/doc/KM03355866
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03. This vulnerability could allow remote arbitrary code execution. Date published : 2019-03-25 https://softwaresupport.softwaregrp.com/doc/KM03337614
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version...
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3...
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input, allowing attackers to execute arbitrary commands. Date published : 2019-03-25 https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to...
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a...
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router...