IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive...
A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. Date published : 2020-05-11 https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35387
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. Date published : 2020-05-11 https://github.com/apple/swift-nio-extras/security/advisories/GHSA-xhhr-p2r9-jmm7
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. Date published : 2020-05-11 https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009 https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. Date published :...
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection’s Tamper Protection feature is disabled. Date published : 2020-05-11 https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762
Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. Date published : 2020-05-11 https://support.broadcom.com/security-advisory/security-advisory-detail.html?notificationId=SYMSA1762
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. Date published : 2020-05-11...
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds...
Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via unspecified vectors. PalletControl 7...
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the...
A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality....
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon. Date...
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). Date published : 2020-05-11 https://documentation.cpanel.net/display/CL/86+Change+Log