@CVEnew

The latest Tweets from CVE (@CVEnew). Official account maintained by the CVE Team to notify the community of new CVE IDs. For additional data feeds see: https://t.co/Q5mNTLbO7i
CVE-2019-10067 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5...

Wed, 22/05/2019 - 04:00

CVE-2019-10067 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may mani... https://t.co/PRJyUDAfZo

— CVE (@CVEnew) May 22, 2019
Categories: Linux, Security

CVE-2019-10066 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0....

Wed, 22/05/2019 - 04:00

CVE-2019-10066 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate per... https://t.co/Q4TLLU2YrY

— CVE (@CVEnew) May 22, 2019
Categories: Linux, Security

CVE-2019-9892 An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, an...

Wed, 22/05/2019 - 04:00

CVE-2019-9892 An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully craft... https://t.co/JCJY7DhzjY

— CVE (@CVEnew) May 22, 2019
Categories: Linux, Security

CVE-2019-6513 An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as AP...

Wed, 22/05/2019 - 01:45

CVE-2019-6513 An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one. https://t.co/ZcRld0nWgq

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12270 OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by defau...

Tue, 21/05/2019 - 23:45

CVE-2019-12270 OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions ... https://t.co/PqWDSm7oLR

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12269 Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause...

Tue, 21/05/2019 - 23:45

CVE-2019-12269 Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. https://t.co/JfNdJpTWaN

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12252 In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view ...

Tue, 21/05/2019 - 21:45

CVE-2019-12252 In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the https://t.co/PKrkohvBZR subst... https://t.co/r67ZkwyfId

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12190 XSS was discovered in http://CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 vi...

Tue, 21/05/2019 - 21:45

CVE-2019-12190 XSS was discovered in https://t.co/OgZCshj3Hu (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. https://t.co/QuK1wiwjMU

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12189 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the http://SearchN...

Tue, 21/05/2019 - 21:45

CVE-2019-12189 An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the https://t.co/ap8prD3pbH search field. https://t.co/o740i8wcBy

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12253 my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_post...

Tue, 21/05/2019 - 20:45

CVE-2019-12253 my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting. https://t.co/urunVnYQ9D

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12251 sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue p...

Tue, 21/05/2019 - 19:45

CVE-2019-12251 sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index.php?do=sadmin_ceditpost cvalue parameter. https://t.co/nwFL91wRlG

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-12250 IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/R...

Tue, 21/05/2019 - 19:45

CVE-2019-12250 IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. https://t.co/I0moVc5nMP

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-10320 Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update creden...

Tue, 21/05/2019 - 16:45

CVE-2019-10320 Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of fil... https://t.co/lIOaX27feL

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-10319 A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSe...

Tue, 21/05/2019 - 16:45

CVE-2019-10319 A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow an... https://t.co/um15iXWsvw

— CVE (@CVEnew) May 21, 2019
Categories: Linux, Security

CVE-2019-11816 Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 a...

Tue, 21/05/2019 - 01:45

CVE-2019-11816 Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. https://t.co/6CNZM8kzGT

— CVE (@CVEnew) May 20, 2019
Categories: Linux, Security

CVE-2019-10078 A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 ...

Tue, 21/05/2019 - 00:45

CVE-2019-10078 A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that m... https://t.co/e7H3ivVHaX

— CVE (@CVEnew) May 20, 2019
Categories: Linux, Security

CVE-2019-10077 A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11....

Tue, 21/05/2019 - 00:45

CVE-2019-10077 A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. https://t.co/EoUUxO62GT

— CVE (@CVEnew) May 20, 2019
Categories: Linux, Security

CVE-2019-10076 A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to...

Tue, 21/05/2019 - 00:45

CVE-2019-10076 A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. https://t.co/pnxS9FkGoR

— CVE (@CVEnew) May 20, 2019
Categories: Linux, Security
