The Ruckus (Brocade) ICX7450-48 web application has a reflected cross site scripting vulnerability. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site and allow the attacker to access sensitive browser-based information.
27a7cd8a7a62e0be86fc0d1b264684c922b4883cb9b420bbfe2e830d0dc023e0
Debian Linux Security Advisory 4210-1 - This update provides mitigations for the Spectre v4 variant in x86-based microprocessors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update).
e7dea1a2627fbb19e4616f6132a1e36513ef8af16446a94b6535d852641ce04e
Debian Linux Security Advisory 4209-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
8bbe58c3e9149d6a999adfc2a891c12ec7ba1c9b3ae6957237c80f7104c859b5
Microsoft Windows Paint suffers from security feature bypass and unsafe file creation vulnerabilities.
e6fef4e0b9ef146905d8a071b3b29604250562d956ddbfa3221083d5aa8a09c9
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
bf2758f710f5c4fe5241aa4cde9fdd9079abc1121a02d1ab0b1722bc127d65f2
Oracle WebCenter (Fatwire) Content Server versions prior to 7 suffer from an improper access control vulnerability.
11b66a517d85ae5791cf12834f198989ebf759b0c1b2dbbb348334070c9ccc5f
SAP Internet Transaction Server 6200.x suffers from session fixation and cross site scripting vulnerabilities.
c374e8d14e78e73390da1e10fc4c4271a42c7efb1f8f9b21ddcf6ecbea0a04e7
MyBB Moderator Log Notes plugin version 1.1 suffers from a cross site scripting vulnerability.
646be467fbb3c4182ed953787289ccf1a8af62a09848362c2e7238841160395b
KomSeo Cart version 1.3 suffers from a remote SQL injection vulnerability.
a7e0f57a689ccff05e4bb8917e6265377c6a4da92979d293027baca984aa5555
Symfony versions 2.7.0 up to but not including 4.0.10 suffer from a denial of service vulnerability.
26b7da48a7c27d7fa08e3760dbf6cd9067e7c7cd898165e49aa5ce37faddd8f6
Wchat Fully Responsive PHP AJAX Chat Script version 1.5 suffers from a remote shell upload vulnerability.
0ed4e745c1fab69e002b80f43d15a180c82c3803904e06a035dbb3d0a992e38e
Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device with screen capture permissions. The vendor (Google) fixed this issue in the 2018-02-01 Pixel security update.
419aa59f60c639bf9769fc664825bf713bf20d2a125449f8cf156e98eb09bb86
NewsBee CMS version 1.4 suffers from a cross site scripting vulnerability.
b29734cf2cb29fd89675210cdae2a6a39fc4655c6cb7c839eb7a44375cec5615
Tim Balitbang Depdiknas version 3.5 suffers from a remote SQL injection vulnerability.
3c5492e70aa18863af06b672e9e6820589355ac2400bad9a061e99946538679f
Oracle WebCenter versions 7.x prior to 11gR1 suffer from multiple cross site scripting vulnerabilities.
9c071f03c8c68b6284774cf48b6b05b21b05c5b4ac2ddcf9ac66353a74382ac9
Tim Balitbang Depdiknas version 3.5 suffers from a persistent cross site scripting vulnerability.
10f865ba4c1ea710de4395a5eba58a68f06124679f5c912826e8f575c1199b56