Monthly Archive: April 2019

Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and...

EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file. Date published : 2019-04-24 https://github.com/EOSIO/eos https://github.com/EOSIO/eos/issues/6585

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration...

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174...

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174...

GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. Date published : 2019-04-24 https://seclists.org/bugtraq/2019/Apr/39 https://gstreamer.freedesktop.org/security/

Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances. Date published : 2019-04-24 https://github.com/aquaverde/aquarius-core/commit/d1dfa5b8280388a0b6f2f341f0681522dbea03b0 https://www.tryption.ch/2019/04/19/cve-2019-9734-password-leakage-im-aquarius-cms/

aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component. Date published : 2019-04-24 https://www.tryption.ch/de/2019/04/19/information-disclosure-im-aquarius-cms/

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. Date published : 2019-04-24 https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-001.md

The workspace client, openspace client, and app development client of TIBCO Software Inc.’s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a...

The workspace client of TIBCO Software Inc.’s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change...

The administrative web server component of TIBCO Software Inc.’s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix...

The administrative server component of TIBCO Software Inc.’s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service...

The administrator web interface of TIBCO Software Inc.’s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric...