Security Vulnerabilities - CVEs Published In July 2019
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
CVSS Score
6.1
EPSS Score
0.011
Published
2019-07-17
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-17
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-17
In MyT 1.5.1, the User[username] parameter has XSS.
CVSS Score
6.1
EPSS Score
0.007
Published
2019-07-17
Temenos CWX version 8.9 has a Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-07-17
CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.
CVSS Score
9.8
EPSS Score
0.029
Published
2019-07-17
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
CVSS Score
6.5
EPSS Score
0.262
Published
2019-07-17
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-07-17
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-07-17
A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
CVSS Score
9.8
EPSS Score
0.047
Published
2019-07-17

