Security Vulnerabilities - CVEs Published In July 2019
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-07-30
J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-07-30
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-30
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-07-30
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2019-07-30
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
CVSS Score
9.8
EPSS Score
0.041
Published
2019-07-30
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-07-30
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052).
CVSS Score
6.5
EPSS Score
0.005
Published
2019-07-30
A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
CVSS Score
3.1
EPSS Score
0.002
Published
2019-07-30
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
CVSS Score
7.1
EPSS Score
0.005
Published
2019-07-30