Security News

CVE-2019-4154

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.
Categories: Security News

CVE-2019-4237

National Vulnerability Database - Mon, 07/01/2019 - 11:15
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.

CVE-2019-4295

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive information from the credential vault. IBM X-Force ID: 160758.

CVE-2019-4296

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Robotic Process Automation with Automation Anywhere 11 has an information disclosure issue that could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759.

CVE-2019-4297

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.

CVE-2019-4298

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Robotic Process Automation with Automation Anywhere 11 uses a highly privileged PostgreSQL account for database access, which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.

CVE-2019-4299

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765.

CVE-2019-4322

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.

CVE-2019-4336

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.

CVE-2019-4337

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412.

CVE-2019-13127

National Vulnerability Database - Mon, 07/01/2019 - 11:15
An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js.

CVE-2019-13128

National Vulnerability Database - Mon, 07/01/2019 - 11:15
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.

CVE-2019-13129

National Vulnerability Database - Mon, 07/01/2019 - 11:15
On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling.

CVE-2019-4057

National Vulnerability Database - Mon, 07/01/2019 - 11:15
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.

CVE-2019-12781

National Vulnerability Database - Mon, 07/01/2019 - 10:15
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVE-2019-13125

National Vulnerability Database - Mon, 07/01/2019 - 10:15
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.

CVE-2019-12970

National Vulnerability Database - Mon, 07/01/2019 - 07:15
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.

Vuln: Oracle Java SE CVE-2019-2697 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Mon, 07/01/2019 - 00:00
Oracle Java SE CVE-2019-2697 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2019-2698 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Mon, 07/01/2019 - 00:00
Oracle Java SE CVE-2019-2698 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2019-2602 Remote Security Vulnerability

SecurityFocus Vulnerabilities - Mon, 07/01/2019 - 00:00
Oracle Java SE CVE-2019-2602 Remote Security Vulnerability