Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. Date published : 2019-04-17 https://contao.org/en/news.html https://contao.org/en/news/security-vulnerability-cve-2019-10641.html
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Date published : 2019-04-17 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/
Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local...
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. Date published : 2019-04-17 https://support.f5.com/csp/article/K26710120 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00238.html
Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Date published...
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. Date published : 2019-04-16 http://www.securityfocus.com/bid/107518 http://seclists.org/fulldisclosure/2019/Mar/34
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size...
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating...
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within...
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root....
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local...
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. Date published : 2019-04-15 https://www.ibm.com/support/docview.wss?uid=ibm10744713 https://exchange.xforce.ibmcloud.com/vulnerabilities/152925
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html https://docs.google.com/document/d/1rwN4hJkD5TJfCa16rsGwzYhzL-ODd2VLkFnPvAIq4Ys/edit?usp=sharing
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. Date published : 2019-04-15 https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html https://docs.google.com/document/d/1rwN4hJkD5TJfCa16rsGwzYhzL-ODd2VLkFnPvAIq4Ys/edit?usp=sharing