A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA...
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain...
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user...
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim’s credentials Date published : 2019-07-29 https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player/
edx-platform before 2015-09-17 allows XSS via a team name. Date published : 2019-07-29 https://open.edx.org/announcements/cve-2015-6960/
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. Date published : 2019-07-29 https://open.edx.org/announcements/cve-2015-6253/ https://open.edx.org/CVE-2015-6253
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. Date published : 2019-07-29 https://open.edx.org/announcements/CVE-2015-5601
edx-platform before 2016-06-06 allows CSRF. Date published : 2019-07-29 https://open.edx.org/announcements/cross-site-request-forgery-bug-edx-lms/ https://github.com/edx/edx-platform/commit/d54f79f5bf3e1af17063937df1abc0026843412d.patch
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. Date published : 2019-07-29 https://open.edx.org/announcements/security-alert-account-activation-unverified-email/
Planon before Live Build 41 has XSS. Date published : 2019-07-29 https://www2.deloitte.com/de/de/pages/risk/articles/planon-cross-site-scripting.html
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can...
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. Date published : 2019-07-29...
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an...
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime....