Security Vulnerabilities - CVEs Published In August 2019
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information, such as version and models, by parsing a JavaScript file through the admin webUI.
CVSS Score: 5.3; EPSS Score: 0.003; Published: 2019-08-23
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.
CVSS Score: 5.9; EPSS Score: 0.001; Published: 2019-08-23
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the aforementioned credentials and network access to FortiCameras to take control of those, provided they are managed by a FortiRecorder device.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2019-08-23
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2019-08-23
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.
CVSS Score: 7.8; EPSS Score: 0.005; Published: 2019-08-23
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2019-08-23
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files.
CVSS Score: 8.6; EPSS Score: 0.009; Published: 2019-08-23
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
CVSS Score: 9.8; EPSS Score: 0.002; Published: 2019-08-23
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2019-08-23
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2019-08-23

