Security Vulnerabilities - CVEs Published In August 2019
The events-manager plugin before 5.6 for WordPress has code injection.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-08-13
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-08-13
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-08-13
Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
CVSS Score
5.9
EPSS Score
0.003
Published
2019-08-13
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-08-13
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
CVSS Score
7.4
EPSS Score
0.002
Published
2019-08-13
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
CVSS Score
8.8
EPSS Score
0.791
Published
2019-08-13
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-08-13
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-08-13
On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is no security impact: the only potentially leaked information is the number of characters in the PIN
CVSS Score
2.4
EPSS Score
0.001
Published
2019-08-12