Monthly Archive: July 2019

** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This...

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Date published : 2019-07-25 https://sourceforge.net/p/mcj/tickets/52/ https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Date published : 2019-07-25 https://sourceforge.net/p/mcpp/bugs/13/ http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00032.html

Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. Date published : 2019-07-25 https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall

In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the...

OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php. Date published : 2019-07-25 https://github.com/kikulo/DebugOpen/blob/master/OpenSNSv6.1.0/main.md

MetadataExtractor 2.1.0 allows stack consumption. Date published : 2019-07-25 https://github.com/drewnoakes/metadata-extractor-dotnet/pull/190 https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part...

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms. Date published : 2019-07-25 https://auth0.com/docs/security/bulletins/cve-2019-13483

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was...

An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue...

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user...

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code. Date published : 2019-07-25 https://www.us-cert.gov/ics/advisories/icsa-19-204-02

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion...