CVE-2019-7953 — Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
Published: July 18, 2019; 06:15:12 PM -04:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2019-7941 — Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Published: July 18, 2019; 06:15:12 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2019-7850 — Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
Published: July 18, 2019; 06:15:12 PM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2019-7848 — Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Published: July 18, 2019; 06:15:12 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2019-7955 — Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
Published: July 18, 2019; 06:15:12 PM -04:00

V3: 6.1 MEDIUM
V2: 5.8 MEDIUM

CVE-2019-7956 — Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
Published: July 18, 2019; 06:15:12 PM -04:00

V3: 7.8 HIGH
V2: 6.8 MEDIUM

CVE-2019-12913 — Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
Published: July 17, 2019; 05:15:11 PM -04:00

V3: 5.5 MEDIUM
V2: 2.1 LOW

CVE-2019-12912 — Redbrick Shift through 3.4.3 allows an attacker to extract emails of services (such as Gmail, Outlook, etc.) used in the application.
Published: July 17, 2019; 05:15:11 PM -04:00

V3: 5.5 MEDIUM
V2: 2.1 LOW

CVE-2019-1010069 — moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef5976... read CVE-2019-1010069
Published: July 18, 2019; 10:15:11 AM -04:00

V3: 5.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2019-1010261 — Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The... read CVE-2019-1010261
Published: July 18, 2019; 01:15:11 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2019-1010290 — Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link c... read CVE-2019-1010290
Published: July 16, 2019; 10:15:11 AM -04:00

V3: 6.1 MEDIUM
V2: 5.8 MEDIUM

CVE-2019-1010259 — SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for... read CVE-2019-1010259
Published: July 18, 2019; 01:15:11 PM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2019-13959 — In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186.
Published: July 18, 2019; 03:15:11 PM -04:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2019-13961 — A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
Published: July 18, 2019; 04:15:12 PM -04:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2019-1575 — Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the us... read CVE-2019-1575
Published: July 16, 2019; 10:15:12 AM -04:00

V3: 8.8 HIGH
V2: 6.5 MEDIUM

CVE-2019-13977 — index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=adm... read CVE-2019-13977
Published: July 19, 2019; 03:15:11 AM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2019-13978 — Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
Published: July 19, 2019; 03:15:11 AM -04:00

V3: 8.8 HIGH
V2: 6.5 MEDIUM

CVE-2019-13624 — In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
Published: July 16, 2019; 11:15:10 PM -04:00

V3: 9.8 CRITICAL
V2: 10.0 HIGH

CVE-2019-13969 — Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
Published: July 19, 2019; 02:15:10 AM -04:00

V3: 8.8 HIGH
V2: 6.5 MEDIUM

CVE-2019-13623 — In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary f... read CVE-2019-13623
Published: July 16, 2019; 11:15:10 PM -04:00

V3: 7.8 HIGH
V2: 6.8 MEDIUM