Security Vulnerabilities - CVEs Published In October 2019
An issue summary information disclosure vulnerability exists in the Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.
CVSS Score
4.3
EPSS Score
0.004
Published
2019-10-31
An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
8.9
EPSS Score
0.004
Published
2019-10-31
An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
10.0
EPSS Score
0.004
Published
2019-10-31
MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues.
CVSS Score
4.3
EPSS Score
0.007
Published
2019-10-31
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
CVSS Score
6.1
EPSS Score
0.014
Published
2019-10-31
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
CVSS Score
5.4
EPSS Score
0.007
Published
2019-10-31
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-10-31
ruby193 uses an insecure LD_LIBRARY_PATH setting.
CVSS Score
3.3
EPSS Score
0.001
Published
2019-10-31
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names.
CVSS Score
6.1
EPSS Score
0.018
Published
2019-10-31
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.
CVSS Score
7.3
EPSS Score
0.001
Published
2019-10-31


Shodan ® - All rights reserved