Security Vulnerabilities - CVEs Published In February 2019
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, an out-of-bounds mask range access is caused by using a possibly old value of the msg mask table count while copying masks to userspace.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2019-02-11
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with them (either by direct modification or MITM attacks when using remote rulesets) to perform information disclosure, denial of service, or request forgery attacks. (PMD 6.x is unaffected because of a 2017-09-15 change.)
CVSS Score: 8.1 | EPSS Score: 0.005 | Published: 2019-02-11
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
CVSS Score: 7.5 | EPSS Score: 0.055 | Published: 2019-02-11
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2019-02-11
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2019-02-11
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-02-11
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-02-11
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-02-11
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-02-11
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
CVSS Score: 7.2 | EPSS Score: 0.011 | Published: 2019-02-11

