>> ARCHIVE: 2020-03

WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.

TP-Link TL-WR849N version 0.9.1 4.16 suffers from a firmware upload authentication bypass vulnerability.

Cyberoam Authentication Client version 2.1.2.7 suffers from a buffer overflow vulnerability.

Netis WF2419 version 2.2.36123 suffers from a remote code execution vulnerability.

Intelbras Wireless N 150Mbps WRN240 suffers from a configuration upload authentication bypass vulnerability.

Wing FTP Server version 6.2.3 suffers from a privilege escalation vulnerability.

Microsoft Exchange 2019 version 15.2.221.12 suffers from an authenticated remote code execution vulnerability.

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.

An issue in JSC leaves the data flow graph inconsistent. While fuzzing JavaScriptCore with fuzzilli, the researcher found a crash condition in JSC.

macOS and iOS have a vulnerability with ImageIO where memory safety issues occur when processing OpenEXR images.