ASA-2019-00428 – Intel SSD DC S4500 Series: Improper authentication in firmware

Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.

ASA-2019-00427 – Intel Processor Diagnostic Tool: Improper access control

Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

ASA-2019-00426 – Atlassian Jira: Template injection in various resources

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met: an SMTP server has been configured in Jira and the Contact Administrators Form is enabled; or an SMTP server has been configured in Jira and an attacker has "JIRA Administrators" access. In the first case, where the Contact Administrators Form is enabled, attackers are able to exploit this issue without authentication. In the second case, attackers with "JIRA Administrators" access can exploit this issue. In either case, successful exploitation of this issue allows an attacker to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center.

ASA-2019-00425 – VMware ESXi: Partial denial of service vulnerability in hostd process

Multiple failed login attempts to ESXi may cause the hostd service to become unresponsive resulting in a partial denial of service for management functionality.  A malicious actor with network access to an ESXi host could create a partial denial of service condition in management functionality. Successful exploitation of this issue may cause hostd to become unresponsive resulting in conditions such as an ESXi host disconnecting from vCenter.