A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. Date published : 2019-06-26 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133...
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. Date published : 2019-06-25 http://www.securityfocus.com/bid/108907 https://www.ibm.com/support/docview.wss?uid=ibm10882924
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID:...
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID:...
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. Date published : 2019-06-25 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us...
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. Date published : 2019-06-25 http://www.securityfocus.com/bid/108891 https://support.hp.com/us-en/document/c06388027
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. Date published : 2019-06-25 http://www.securityfocus.com/bid/108891 https://support.hp.com/us-en/document/c06388027
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. Date published : 2019-06-25 http://www.securityfocus.com/bid/108893 https://www.ibm.com/support/docview.wss?uid=ibm10886747
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803. Date published : 2019-06-25 http://www.securityfocus.com/bid/108915 https://www.ibm.com/support/docview.wss?uid=ibm10887853
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user’s identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574. Date...
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. Date published : 2019-06-25 https://www.ibm.com/support/docview.wss?uid=ibm10888379 https://exchange.xforce.ibmcloud.com/vulnerabilities/158572
IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker...
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser...