Security Vulnerabilities - CVEs Published In August 2019
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An attacker could exploit this vulnerability by sending a malformed IPv6 packet through an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device.
CVSS Score
8.6
EPSS Score
0.014
Published
2019-08-28
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.
CVSS Score
5.4
EPSS Score
0.0
Published
2019-08-28
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-28
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-08-28
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-28
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
CVSS Score
5.3
EPSS Score
0.002
Published
2019-08-28
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-28
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-28
In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-28
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-08-28