CVE-2019-15325
In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.
Source: CVE-2019-15325
CVE-2019-15329
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
Source: CVE-2019-15329
CVE-2019-15326
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
Source: CVE-2019-15326
CVE-2019-15328
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
Source: CVE-2019-15328
CVE-2016-10928
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.
Source: CVE-2016-10928
CVE-2016-10929
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
Source: CVE-2016-10929
CVE-2017-18578
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.
Source: CVE-2017-18578
CVE-2015-9340
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
Source: CVE-2015-9340