Security Vulnerabilities - CVEs Published In July 2019
A reflected XSS vulnerability exists in the authorization flow of OpenShift Container Platform versions openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting a user to click on a malicious link.
CVSS Score: 4.6 | EPSS Score: 0.003 | Published: 2019-07-11

A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupported versions not listed here were not evaluated.
CVSS Score: 9.3 | EPSS Score: 0.01 | Published: 2019-07-11

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2019-07-11

Any URL with download_attachment.php under the templates or home folders can allow arbitrary files to be downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2019-07-11

Intersystems Cache 2017.2.2.865.0 allows XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-07-11

Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-07-11

Intersystems Cache 2017.2.2.865.0 allows XXE.
CVSS Score: 6.4 | EPSS Score: 0.002 | Published: 2019-07-11

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control.
CVSS Score: 7.2 | EPSS Score: 0.008 | Published: 2019-07-11

A flaw was found in the yaml.load() function in osbs-client versions since 0.46 and before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
CVSS Score: 7.2 | EPSS Score: 0.007 | Published: 2019-07-11

A heap buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
CVSS Score: 7.2 | EPSS Score: 0.216 | Published: 2019-07-11