WordPress WooCommerce CardGate Payment Gateway plugin version 3.1.15 suffers from a payment process bypass vulnerability.

Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.

Red Hat Security Advisory 2020-0734-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2020-1346-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Django version 3.0 suffers from a cross site request forgery token bypass vulnerability.

Huawei HG630 2 Router suffers from an authentication bypass vulnerability.

QRadar Community Edition version 7.3.1.6 suffers from an authorization bypass vulnerability.

rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.

Ubuntu Security Notice 4312-1 - Matthias Gerstner discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root.

Red Hat Security Advisory 2020-1308-01 - The org.ovirt.engine-root is a core component of oVirt.

Linux versions 5.3 and above appear to have an issue where io_uring suffers from insecure handling of the root directory for path lookups.

Netis E1+ version 1.2.32533 suffers from having a hardcoded backdoor root account.

This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as a3user has sudo access with the default password. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.

Apple Security Advisory 2019-12-10-3 - macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

Apple Security Advisory 2020-1-28-3 - watchOS 6.1.2 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2020-03-24-1 - iOS 13.4 and iPadOS 13.4 are now available and address buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-2 - macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra are now available and address buffer overflow, bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2020-03-24-3 - tvOS 13.4 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-4 - watchOS 6.2 is now available and addresses buffer overflow and code execution vulnerabilities.

Apple Security Advisory 2020-03-24-5 - Safari 13.1 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-6 - iTunes for Windows 12.10.5 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-7 - Xcode 11.4 is now available and contains security improvements.

Apple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Open-AudIT version 3.3.0 suffers from a cross site scripting vulnerability.

PHP-Fusion version 9.03.50 suffers from a persistent cross site scripting vulnerability.

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.

Sentrifugo CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

OpenZ ERP version 3.6.60 suffers from a persistent cross site scripting vulnerability.

Gentoo Linux Security Advisory 202003-59 - Multiple vulnerabilities have been found in libvpx, the worst of which could result in the execution of arbitrary code. Versions less than 1.8.1 are affected.

Gentoo Linux Security Advisory 202003-60 - Multiple vulnerabilities have been found in QtCore, the worst of which could result in the execution of arbitrary code. Versions less than 5.13.2-r2 are affected.

Gentoo Linux Security Advisory 202003-61 - A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code. Versions less than 32.0.0.330 are affected.

Gentoo Linux Security Advisory 202003-62 - A buffer overflow in GNU Screen might allow remote attackers to corrupt memory. Versions less than 4.8.0 are affected.

Gentoo Linux Security Advisory 202003-63 - Multiple vulnerabilities have been found in GNU IDN Library 2, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.0 are affected.

Gentoo Linux Security Advisory 202003-64 - Multiple vulnerabilities have been found in libxls, the worst of which could result in the arbitrary execution of code. Versions less than 1.5.2 are affected.

Gentoo Linux Security Advisory 202003-65 - Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. Versions greater than or equal to 4 are affected.

Gentoo Linux Security Advisory 202003-66 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 4.2.0-r2 are affected.