Security Vulnerabilities - CVEs Published In February 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
CVSS Score
8.8
EPSS Score
0.91
Published
2019-02-20
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
CVSS Score
6.5
EPSS Score
0.939
Published
2019-02-20
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-02-20
Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-20
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVSS Score
9.8
EPSS Score
0.02
Published
2019-02-20
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
CVSS Score
7.5
EPSS Score
0.015
Published
2019-02-19
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
CVSS Score
7.5
EPSS Score
0.014
Published
2019-02-19
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
CVSS Score
5.5
EPSS Score
0.0
Published
2019-02-19
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-02-19
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.009
Published
2019-02-19