An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000205B. Date published : 2019-06-21...
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002067. Date published : 2019-06-21...
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B. Date published : 2019-06-21...
An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. Unauthenticated users can get a list of user accounts. Date published : 2019-06-21 https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html https://www.cloudera.com
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may...
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the...
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. Date published : 2019-06-21 https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks
Akamai CloudTest before 58.30 allows remote code execution. Date published : 2019-06-21 https://blogs.akamai.com/sitr/2019/06/cloudtest-vulnerability-cve-2019-11011.html
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. Date published : 2019-06-21...
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. Date published...
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. Date published : 2019-06-21 http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible (due to lack of verification and correlation between the reset password key sent by mail and...
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for...
Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. Date published : 2019-06-21 https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2019-002.md