Weekly Vulnerabilities Reports > January 13 to 19, 2020

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment).

A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins.

Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.

A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents.

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host.

libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump.

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow.

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device.

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process.

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass.

GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition.

A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen.

Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.

Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled.

In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c.

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.

Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.

The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

Vulnerability in the Core RDBMS component of Oracle Database Server.

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service.

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash.

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE).

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

Vulnerability in the Java VM component of Oracle Database Server.

Systrace before 1.6.0 has insufficient escape policy enforcement.

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.

A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.

Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.

A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service

A remote code execution issue was discovered in HashBrown CMS through 1.3.3.

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW).

LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability

Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability.

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core).

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.

An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.

A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application.

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-....

A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4).

Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges.

Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.

A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges.

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions).

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration).

abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer.

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC.

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435.

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435.

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435.

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435.

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

OSIsoft PI Vision, All versions of PI Vision prior to 2019.

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI).

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.

MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.

A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.

Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.

PotPlayer 1.5.40688: .avi File Memory Corruption

A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.

An issue was discovered in Maarch RM before 2.5.

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project.

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash.

Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook.

Bitbucket Server and Bitbucket Data Center from version 4.13.

Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields.

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System).

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework).

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management).

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service).

Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository).

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers).

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers).

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap.

A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.

An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.

Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3.

An issue was discovered in Maarch RM before 2.5.

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions).

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'.

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses.

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue.

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework).

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing).

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide).

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service).

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

Vulnerability in the Oracle Applications DBA component of Oracle Database Server.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI).

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication).

Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication).

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener).

XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.

Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login).

whoopsie-daisy before 0.1.26: Root user can remove arbitrary files

The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files.

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint.

The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console).

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security).

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI).

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

Vulnerability in the Core RDBMS component of Oracle Database Server.

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL.

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid.

An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504.

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability.

HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands.

Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f.

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user.

The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification.

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework).

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload).

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler).

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module).

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability.

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability.

Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.

The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.

JetBrains IDETalk plugin before version 193.4099.10 allows XXE

spamdyke prior to 4.2.1: STARTTLS reveals plaintext

Joomla! 1.5x through 1.5.12: Missing JEXEC Check

Joomla! before 2.5.3 allows Admin Account Creation.

Joomla! core before 2.5.3 allows unauthorized password change.

On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.

Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS).

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users.

Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.

TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.

The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.

Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.

Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM).

The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.

Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6.

An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6.

Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter.

ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability.

Grand MA 300 allows a brute-force attack on the PIN.

Grand MA 300 allows retrieval of the access PIN from sniffed data.

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207.

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload).

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess).

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface).

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

Vulnerability in the Database Gateway for ODBC component of Oracle Database Server.

A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'.

A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user’s browser.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components).

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security).

Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access.

The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations).

Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'.

A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6.

Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation.

Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System).

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory.

Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section).

UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title).

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter.

VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms.

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms.

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components.

openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter.

A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0.

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.

python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.

Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search).

Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder).

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks).

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload).

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability.

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability.

The Linux kernel before 2.4.36-rc1 has a race condition.

Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.

Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user.

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.

A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.

A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.

A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.

MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks.

PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

ClickDesk version 4.3 and below has persistent cross site scripting

An issue was discovered on Cayin SMP-PRO4 devices.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1.

Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL.

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.

An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack.

XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.

Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation

Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets

Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI.

Vulnerability in the Core RDBMS component of Oracle Database Server.

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters.

In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.

OSIsoft PI Vision, All versions of PI Vision prior to 2019.

The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer).

A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.

An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).

An issue was discovered on Cayin SMP-PRO4 devices.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1.

Vulnerability in the Core RDBMS component of Oracle Database Server.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure).

Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine.

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account).

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0.

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3.

OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1.

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login).

Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.

In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

Vulnerability in the Oracle Applications DBA component of Oracle Database Server.

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security).

Vulnerability in the Core RDBMS component of Oracle Database Server.

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.

Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access.

Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access.

In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.

Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.

Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations).

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter).

Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager).

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.

A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'.

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components.

SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.

Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.

In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All).

Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates).