Security Vulnerabilities - CVEs Published In 2019
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
CVSS Score
6.5
EPSS Score
0.71
Published
2019-11-26
The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-11-26
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-11-26
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-26
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-26
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-26
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-26
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-26
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-26
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None
CVSS Score
6.4
EPSS Score
0.004
Published
2019-11-26