Security Vulnerabilities - CVEs Published In September 2019

The icegram plugin before 1.9.19 for WordPress has XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-16

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-16

The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2019-09-16

The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2019-09-16

The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
CVSS Score: 7.5
EPSS Score: 0.892
Published: 2019-09-16

The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
CVSS Score: 9.8
EPSS Score: 0.011
Published: 2019-09-16

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.
CVSS Score: 9.8
EPSS Score: 0.015
Published: 2019-09-16

CVE-2019-16057
Known exploited
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
CVSS Score: 9.8
EPSS Score: 0.938
Published: 2019-09-16

An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2019-09-16

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVSS Score: 9.8
EPSS Score: 0.071
Published: 2019-09-15

