Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Date published : 2020-05-29 http://packetstormsecurity.com/files/157861/Pi-Hole-4.3.2-DHCP-MAC-OS-Command-Execution.html http://packetstormsecurity.com/files/158737/Pi-hole-4.3.2-Remote-Code-Execution.html
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data Date published : 2020-05-29 https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. Date published : 2020-05-29 https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613 https://updates.snyk.io/snyk-broker-security-fixes-152338
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network by creating symlinks to match whitelisted paths. Date published...
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal. Date published : 2020-05-29 https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611 https://updates.snyk.io/snyk-broker-security-fixes-152338
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk’s internal network via patch history from GitHub Commits API. Date...
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk’s internal network of any files ending in...
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk’s internal network by appending the URL with a fragment identifier...
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. Date published :...
Android App ‘kintone mobile for Android’ 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. Date published : 2020-05-29 https://jvn.jp/en/jp/JVN78745667/index.html https://kb.cybozu.support/article/36211/
Android App ‘Mailwise for Android’ 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. Date published : 2020-05-29 https://jvn.jp/en/jp/JVN78745667/index.html https://kb.cybozu.support/article/36411/
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could...
IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. Date published : 2020-05-29 https://www.ibm.com/support/pages/node/6217600 https://exchange.xforce.ibmcloud.com/vulnerabilities/178427
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...