Security Vulnerabilities - CVEs Published In July 2019
stacktable.js before 1.0.4 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-29
Fleet before 2.1.2 allows exposure of SMTP credentials.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-29
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVSS Score
7.1
EPSS Score
0.001
Published
2019-07-29
Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-29
invenio-records before 1.2.2 allows XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-07-29
Tridactyl before 1.16.0 allows fake key events.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-07-29
invenio-communities before 1.0.0a20 allows XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-07-29
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
CVSS Score
7.3
EPSS Score
0.003
Published
2019-07-29
invenio-previewer before 1.0.0a12 allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-29
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-07-29