Security Vulnerabilities - CVEs Published In August 2019
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2019-08-26
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2019-08-26
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2019-08-26
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
CVSS Score: 7.5; EPSS Score: 0.135; Published: 2019-08-25
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVSS Score: 6.1; EPSS Score: 0.006; Published: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
CVSS Score: 5.5; EPSS Score: 0.003; Published: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
CVSS Score: 7.3; EPSS Score: 0.088; Published: 2019-08-23

