WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). Date published : 2019-05-17 https://bugzilla.mozilla.org/show_bug.cgi?id=1550366
GoHTTP through 2017-07-25 has a sendHeader use-after-free. Date published : 2019-05-17 https://github.com/fekberg/GoHttp/issues/15
GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL. Date published : 2019-05-17 https://github.com/fekberg/GoHttp/issues/16
GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. Date published : 2019-05-17 https://github.com/fekberg/GoHttp/issues/17
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the...
SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution. Date published : 2019-05-17 https://news.simplybook.me/notification/
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01,...
Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. Date published : 2019-05-17 https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00252.html
Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. Date published : 2019-05-17 https://support.f5.com/csp/article/K05525310 https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00252.html
Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. Date published :...
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2019-05-17...
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2019-05-17...
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. Date published : 2019-05-17 https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html https://medium.com/@mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted. Date published...