Security Vulnerabilities - CVEs Published In July 2019
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-03
Secret data of processes managed by CM is not secured by file permissions.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-03
OX Guard 2.8.0 has CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-03
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.
CVSS Score
9.8
EPSS Score
0.926
Published
2019-07-03
Subrion CMS before 4.1.4 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-03
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-03
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-07-03
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-07-03
There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-03
There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-03