Once Again, Symantec Recognized as a Leader in Email Security

Symantec Named a Leader in Email Security by Third-Party Evaluators
Source: Symantec
Once Again, Symantec Recognized as a Leader in Email Security

CVE-2019-11816 (opnsense, pfsense)

Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
Source: NIST
CVE-2019-11816 (opnsense, pfsense)

CVE-2019-10076 (jspwiki)

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
Source: NIST
CVE-2019-10076 (jspwiki)

CVE-2019-10077 (jspwiki)

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
Source: NIST
CVE-2019-10077 (jspwiki)

CVE-2019-10078 (jspwiki)

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
Source: NIST
CVE-2019-10078 (jspwiki)

CVE-2019-12240 (virim)

The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.
Source: NIST
CVE-2019-12240 (virim)

CVE-2019-12241 (carts_guru)

The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.
Source: NIST
CVE-2019-12241 (carts_guru)

CVE-2019-12239 (wp_booking_system)

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.
Source: NIST
CVE-2019-12239 (wp_booking_system)

CVE-2019-8352

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
Source: NIST
CVE-2019-8352

CVE-2019-4058

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
Source: NIST
CVE-2019-4058