Security Vulnerabilities - CVEs Published In July 2019
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period.
CVSS Score
7.2
EPSS Score
0.0
Published
2019-07-03
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-07-03
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-07-03
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.016
Published
2019-07-03
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.014
Published
2019-07-03
In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349624, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in iconv implementation may allow an attacker to write past the end of an output buffer. Depending on the implementation, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution.
CVSS Score
9.8
EPSS Score
0.023
Published
2019-07-03
In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-07-03
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.
CVSS Score
8.8
EPSS Score
0.041
Published
2019-07-03