Tag

#google

CVE-2019-10692: WP Go Maps (formerly WP Google Maps)

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.

CVE-2018-3979: TALOS-2018-0647 || Cisco Talos Intelligence Group

A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).

CVE-2019-9912: wpGoogleMaps 7.10.41 - Reflected XSS (WordPress Plugin)

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.

CVE-2018-20525: Offensive Security’s Exploit Database Archive

Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.

Local privilege escalation via the Windows I/O Manager: a variant finding collaboration

The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services to help make our customers and the global online community more secure. We appreciate the excellent vulnerability research reported to us regularly from the security community, and we consider it a privilege to work with these researchers.

CVE-2019-0271: SAP Security Patch Day – March 2019 - Product Security Response at SAP

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22 (that is, ABAP Server 7.00 to 7.31) and in Kernel 7.45, 7.49 or 7.53 (that is, ABAP Server 7.40 to 7.52 or ABAP Platform). For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.

CVE-2019-9634: runtime: dll injection vulnerabilities on Windows (CVE-2019-9634) · Issue #30642 · golang/go

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

CVE-2019-9591: Vulnerabilities/Shoretel Connect Multiple Vulnerability at master · Ramikan/Vulnerabilities

A reflected cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.

CVE-2019-9213: mm: enforce min addr even if capable() in expand_downwards() · torvalds/linux@0a1d529

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

CVE-2019-9567: Forminator – Contact Form, Payment Form & Custom Form Builder

The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.