Neuvector 3.1 and below to authenticate as a valid AD LDAP user using a blank password

Overview : NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an

Overview : In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to

Overview : Multiple issues was discovered in Backdrop CMS Affected Product(s) : Backdrop Core 1.14.x versions prior to 1.14.2 Backdrop

Overview : There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data

Overview : Unprivileged authenticated flaw in Ivanti Workspace Control before 10.3.180.0 a locally authenticated user with low privileges can bypass

Overview : CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration Affected Product(s) : CloudForms

Overview : An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running “select hostdetails

Overview : A cross site scripting security vulnerability has been identified with Case Builder component in IBM Case Manager Affected

Overview : TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. Affected Product(s) :

Overview : OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs

Overview : Octeth Oempro 4.7 found a SQL injection. The parameter “CampaignID” in “Campaign.Get” is vulnerable to SQL Injection attacks.

Overview : A logical error in bounds checking performed on vsock virtio descriptors can be used by a malicious guest

Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL

Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross site

Overview : UAA logs all query parameters with debug logging level Affected Product(s) : CF Deployment All versions prior to

Overview : Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers

Overview : A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a

Overview : New vulnerabilities discovered in FortiOS Affected Product(s) : FortiOS versions 6.2.1 and below. FortiOS versions 6.0.6 and below.

Overview : Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the

Overview : Multiple issues was discovered in Symfony Affected Product(s) :  Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0

Overview : New vulnerabilities discovered in MediaWiki Affected Product(s) : MediaWiki before 1.19.4 and 1.20.x before 1.20.3 Vulnerability Details :

Overview : New vulnerabilities discovered in Tiki Wiki Affected Product(s) : Tiki 7.2 & 8.0 RC1 Vulnerability Details : CVE

Overview : Multiple flaws in Openfind MAIL2000 through version 6.0 and 7.0 Affected Product(s) : Openfind MAIL2000 through version 6.0

Overview : Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter