Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2019-07-29 | Updated: 2022-04-18
graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2021-07-21
parse-server before 3.4.1 allows DoS after any POST to a volatile class.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2019-07-29 | Updated: 2019-08-02
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.
Max CVSS: 9.0 | EPSS Score: 0.10% | Published: 2019-07-29 | Updated: 2022-04-18
Fleet before 2.1.2 allows exposure of SMTP credentials.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2019-07-29 | Updated: 2020-08-24
Tridactyl before 1.16.0 allows fake key events.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2021-07-21
Pterodactyl before 0.7.14 with 2FA allows credential sniffing.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2019-07-29 | Updated: 2020-08-24
yard before 0.9.20 allows path traversal.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2019-07-29 | Updated: 2024-03-06
pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. The impact is: False locking impression when run in a non-X11 session. The fixed version is: 0.4.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2019-07-11 | Updated: 2019-07-14
Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file.
Max CVSS: 9.8 | EPSS Score: 0.24% | Published: 2019-07-15 | Updated: 2020-08-24
Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after commit 5267b455caeb2e055cccf0d2b6a22727c111f5c3.
Max CVSS: 9.8 | EPSS Score: 0.77% | Published: 2019-07-15 | Updated: 2020-08-24
mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Overflow. The impact is: Software crash. The component is: server_example_complex_array. The attack vector is: Send a specific MMS protocol packet.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2019-07-15 | Updated: 2019-07-22
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Max CVSS: 10.0 | EPSS Score: 0.45% | Published: 2019-07-15 | Updated: 2021-07-21
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
Max CVSS: 10.0 | EPSS Score: 0.45% | Published: 2019-07-15 | Updated: 2021-07-21
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Max CVSS: 10.0 | EPSS Score: 0.45% | Published: 2019-07-15 | Updated: 2021-07-21
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.
Max CVSS: 9.8 | EPSS Score: 0.23% | Published: 2019-07-15 | Updated: 2021-07-21
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2019-07-15 | Updated: 2019-07-16
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
Max CVSS: 9.8 | EPSS Score: 0.22% | Published: 2019-07-15 | Updated: 2020-08-24
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
Max CVSS: 9.8 | EPSS Score: 0.22% | Published: 2019-07-16 | Updated: 2021-07-21
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2019-07-17 | Updated: 2023-09-21
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
Max CVSS: 7.5 | EPSS Score: 0.21% | Published: 2019-07-18 | Updated: 2019-08-01
helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2.
Max CVSS: 9.8 | EPSS Score: 0.25% | Published: 2019-07-17 | Updated: 2019-10-09
Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance: https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688. The attack vector is: Send a specially crafted SOAP call.
Max CVSS: 9.8 | EPSS Score: 7.66% | Published: 2019-07-18 | Updated: 2019-07-24
Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.
Max CVSS: 9.8 | EPSS Score: 0.29% | Published: 2019-07-17 | Updated: 2020-08-24
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.
Max CVSS: 9.8 | EPSS Score: 0.24% | Published: 2019-07-18 | Updated: 2019-08-13
939 vulnerabilities found