Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. Date published : 2020-03-19 https://tanzu.vmware.com/security/cve-2019-19025 https://github.com/goharbor/harbor/security/advisories
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. Date published : 2020-03-19 https://tanzu.vmware.com/security/cve-2019-19023 https://github.com/goharbor/harbor/security/advisories
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials. Date published : 2020-03-19 https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not correctly implement the .htaccess protection mechanism. Date published : 2020-03-19 https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_21 https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_9
An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki’s permissions model. Date published : 2020-03-19 https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3 https://phabricator.wikimedia.org/T207094
An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti’s FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then...
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer...
The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. Date published : 2020-03-19 http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm https://starlabs.sg/advisories/
The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. Date published : 2020-03-19 http://help.hancom.com/update_en_multilang/details/HOfficeNEO_update.htm https://starlabs.sg/advisories/
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. Date published : 2020-03-19 https://www.phpbb.com/community/viewtopic.php?t=2523271
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address...
Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for...
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application...
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP...