NEWS

There are no events to display

SERVICES

This service collects data related to public available exploits. The database is updated daily through the official...

The service offers a platform that allows Registrars to check for any performance and security problems present on...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

LATEST CVE

Published Description
CVE-2019-5516
15-04-2019 13:29:00
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVE-2019-4178
15-04-2019 11:29:00
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.
CVE-2019-4012
15-04-2019 11:29:00
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886.
CVE-2019-11236
15-04-2019 11:29:00
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
CVE-2019-6609
15-04-2019 11:29:00
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP APM versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.

Pages