Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-13139
PUBLISHED: 2019-08-22

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the …

CVE-2019-15325
PUBLISHED: 2019-08-22

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.

CVE-2019-15326
PUBLISHED: 2019-08-22

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

CVE-2019-15327
PUBLISHED: 2019-08-22

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

CVE-2019-15328
PUBLISHED: 2019-08-22

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
