Monthly Archive: April 2020

CVE-2020-6821

When reading from areas partially or fully outside the source resource with WebGL’s copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure....

CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox <...

CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox...

CVE-2020-6213

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as...

CVE-2020-6212

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary...

CVE-2020-5868

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. Date published :...

CVE-2020-4267

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user to cause a denial of service due to a memory leak. IBM X-Force ID: 175840. Date published : 2020-04-24...

CVE-2020-1741

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user’s...

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may...

CVE-2020-12070

The Advanced Woo Search plugin through version 1.99 for WordPress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php.
Date published : 2020-04-24
https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/1.99/includes/class-aws-search.php#L222
https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.00/includes/class-aws-search.php?rev=2290090#L219

CVE-2020-12063

** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the ‘o’...