Security Vulnerabilities - CVEs Published In May 2019
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-15
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-15
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-15
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-15
Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-05-15
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-05-15
coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault).
CVSS Score
7.5
EPSS Score
0.008
Published
2019-05-15
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-05-14
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-05-14
GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter.
CVSS Score
6.5
EPSS Score
0.057
Published
2019-05-14