Security Vulnerabilities - CVEs Published In August 2019
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
CVSS Score: 9.8; EPSS Score: 0.007; Published: 2019-08-01
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
CVSS Score: 8.0; EPSS Score: 0.036; Published: 2019-08-01
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2019-08-01
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
CVSS Score: 6.1; EPSS Score: 0.004; Published: 2019-08-01
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2019-08-01
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).
CVSS Score: 5.4; EPSS Score: 0.001; Published: 2019-08-01
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2019-08-01
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2019-08-01
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2019-08-01
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2019-08-01

