Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-15477 | Jooby before 1.6.4 has XSS via the default error handler. Published: August 23, 2019; 9:15:10 AM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15476 | Former before 4.2.1 has XSS via a checkbox value. Published: August 23, 2019; 9:15:10 AM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15513 | An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. Published: August 23, 2019; 3:15:10 AM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2019-15508 | In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. Published: August 23, 2019; 2:15:10 AM -0400 | V4.0: (not available) V3.0: 6.5 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15507 | In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. Published: August 23, 2019; 2:15:10 AM -0400 | V4.0: (not available) V3.0: 6.5 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15505 | drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). Published: August 23, 2019; 2:15:10 AM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-15504 | drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). Published: August 23, 2019; 2:15:10 AM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-15499 | CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. Published: August 23, 2019; 12:15:11 AM -0400 | V4.0: (not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15498 | cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. Published: August 23, 2019; 12:15:11 AM -0400 | V4.0: (not available) V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-15329 | The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15328 | The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15327 | The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15326 | The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-15325 | In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-13139 | In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag. Published: August 22, 2019; 4:15:12 PM -0400 | V4.0: (not available) V3.0: 8.4 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-20987 | The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-20986 | The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18585 | The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2017-18579 | The corner-ad plugin before 1.0.8 for WordPress has XSS. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18578 | The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. Published: August 22, 2019; 4:15:11 PM -0400 | V4.0: (not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |