News aggregator

CVE-2017-18542

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.
Categories: Security News

CVE-2017-18543

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
Categories: Security News

CVE-2017-18544

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
Categories: Security News

CVE-2017-18545

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
Categories: Security News

CVE-2017-18546

National Vulnerability Database - Fri, 08/16/2019 - 17:15
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
Categories: Security News

CVE-2019-8063

National Vulnerability Database - Fri, 08/16/2019 - 13:15
Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage.
Categories: Security News

CVE-2019-7957

National Vulnerability Database - Fri, 08/16/2019 - 13:15
Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.
Categories: Security News

CVE-2019-7958

National Vulnerability Database - Fri, 08/16/2019 - 13:15
Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.
Categories: Security News

CVE-2019-7959

National Vulnerability Database - Fri, 08/16/2019 - 13:15
Creative Cloud Desktop Application versions 4.6.1 and earlier have a "using components with known vulnerabilities" vulnerability. Successful exploitation could lead to arbitrary code execution.
Categories: Security News

CVE-2019-7964

National Vulnerability Database - Fri, 08/16/2019 - 13:15
Adobe Experience Manager versions 6.5 and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.
Categories: Security News

CVE-2019-5477

National Vulnerability Database - Fri, 08/16/2019 - 12:15
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
Categories: Security News

CVE-2019-15119

National Vulnerability Database - Fri, 08/16/2019 - 11:15
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
Categories: Security News

CVE-2019-15120 (kunena)

National Vulnerability Database - Fri, 08/16/2019 - 11:15
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
Categories: Security News

CVE-2019-15118

National Vulnerability Database - Fri, 08/16/2019 - 10:15
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
Categories: Security News

CVE-2015-9325

National Vulnerability Database - Fri, 08/16/2019 - 10:15
The visitors-online plugin before 0.4 for WordPress has SQL injection.
Categories: Security News

CVE-2015-9326

National Vulnerability Database - Fri, 08/16/2019 - 10:15
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
Categories: Security News

CVE-2016-10904

National Vulnerability Database - Fri, 08/16/2019 - 10:15
The olimometer plugin before 2.57 for WordPress has SQL injection.
Categories: Security News

CVE-2017-18548 (note_press)

National Vulnerability Database - Fri, 08/16/2019 - 10:15
The note-press plugin before 0.1.2 for WordPress has SQL injection.
Categories: Security News

CVE-2018-13884

National Vulnerability Database - Fri, 08/16/2019 - 10:15
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
Categories: Security News

CVE-2019-15117

National Vulnerability Database - Fri, 08/16/2019 - 10:15
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
Categories: Security News
