IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514. Date published : 2020-04-29 https://www.ibm.com/support/pages/node/6202556 https://exchange.xforce.ibmcloud.com/vulnerabilities/160514
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. Date published : 2020-04-29 https://lgsecurity.lge.com/
AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX...
An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges. Date published : 2020-04-29 https://www2.deloitte.com/it/it/pages/risk/articles/security-advisory-article—deloitte-italy—risk.html
The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. Date published : 2020-04-29 https://www2.deloitte.com/it/it/pages/risk/articles/security-advisory-article—deloitte-italy—risk.html
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input...
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. Date published : 2020-04-29 https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536 https://www.pega.com/products/pega-platform
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. Date published : 2020-04-29 https://community.pega.com/node/1913996
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. Date published : 2020-04-29 https://community.pega.com/knowledgebase/products/platform/resolved-issues?q=issue%20529706&f%5B0%5D=version%3A32536
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. Date published : 2020-04-29 http://www.handysoft.co.kr/product/product.html?seq=12 https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high...
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. Date published : 2020-04-29 https://github.com/nilsteampassnet/TeamPass/issues/2762
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. Date published : 2020-04-29 https://github.com/nilsteampassnet/TeamPass/issues/2764
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. Date published :...