edge vulnerabilities and exploits

NA
CVE-2019-13139

Docker build code execution. The issue is a relative straight forward command injection, however, what possibly makes it a little more interesting is that it occurs in a Go code base. It is typically assumed that the Go os/exec package does not suffer from command injection,...

4.3
CVSSv2
CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter....

10
CVSSv2
CVE-2019-13598

LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped....

4.3
CVSSv2
CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype....

DrupalJqueryDebianDebian Linux
4.3
CVSSv2
CVE-2019-12308

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database,...

DjangoprojectDjango
NA
CVE-2019-1105

Outlook for Android Spoofing Vulnerability. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user....

2.1
CVSSv2
CVE-2019-1093

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097....

2.1
CVSSv2
CVE-2019-1097

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093....

9.3
CVSSv2
CVE-2019-1127

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121,...

9.3
CVSSv2
CVE-2019-1118

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122,...