Security Vulnerabilities - CVEs Published In May 2019
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-17
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-17
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-17
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-05-17
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-05-17
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-05-17
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
CVSS Score
5.6
EPSS Score
0.001
Published
2019-05-17
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-05-17
Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-05-17
Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-05-17