CVE-2019-4012
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete...
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. Date published : 2019-04-15 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in...
In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. Date published : 2019-04-14 https://github.com/caokang/waimai/issues/7
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. Date published : 2019-04-13 http://packetstormsecurity.com/files/160833/Gitea-1.7.5-Remote-Code-Execution.html https://github.com/go-gitea/gitea/releases/tag/v1.7.6
repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. Date published : 2019-04-13 https://github.com/go-gitea/gitea/releases/tag/v1.7.6 https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. Date published : 2019-04-12 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. Date published : 2019-04-12 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. Date published : 2019-04-12 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. Date published : 2019-04-12 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. Date published : 2019-04-12 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. Date published : 2019-04-12 https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
Subrion CMS 4.1.5 has CSRF in blog/delete/. Date published : 2019-04-12 https://github.com/intelliants/subrion/issues/477
A buffer overflow has been found in the Zephyr Project’s getaddrinfo() implementation in 1.9.0 and 1.10.0. Date published : 2019-04-12 https://github.com/zephyrproject-rtos/zephyr/pull/6158 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12