Security Vulnerabilities - CVEs Published In August 2019
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.
CVSS Score: 8.4 | EPSS Score: 0.004 | Published: 2019-08-22
In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-08-22
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-08-22
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-22
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-22
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2019-08-22
The cforms2 plugin before 10.5 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-22
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2019-08-22
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-08-22
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-08-22

