Security Vulnerabilities - CVEs Published In August 2019
Jooby before 1.6.4 has XSS via the default error handler.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-08-23
Domoticz 4.10717 has XSS via item.Name.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-08-23
Kimai v2 before 1.1 has XSS via a timesheet description.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-23
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2019-08-23
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
CVSS Score: 9.8 | EPSS Score: 0.035 | Published: 2019-08-23
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-08-23
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-08-23
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-08-23
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.
CVSS Score: 8.8 | EPSS Score: 0.019 | Published: 2019-08-23
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-23

