Recent vulnerabilities and exploits

NA
CVE-2019-15116

The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging....

NA
CVE-2019-15113

The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF....

NA
CVE-2017-18546

The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF....

NA
CVE-2018-20973

The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion....

NA
CVE-2017-18545

The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input....

NA
CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection....

6.7
CVSSv2
CVE-2018-16884

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host...

6.4
CVSSv2
CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The...

6.8
CVSSv2
CVE-2019-11922

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used....

NA
CVE-2019-1981

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The...