Security Vulnerabilities - CVEs Published In March 2019
The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests.
CVSS Score: 7.5 | EPSS Score: 0.198 | Published: 2019-03-06
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes, so an upgrade to JMeter 5.1 is also advised.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2019-03-06
An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 (aka UID 0x43) requests to TCP port 502.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-03-06
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
CVSS Score: 6.1 | EPSS Score: 0.028 | Published: 2019-03-06
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVSS Score: 6.1 | EPSS Score: 0.028 | Published: 2019-03-06
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVSS Score: 6.1 | EPSS Score: 0.017 | Published: 2019-03-06
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-03-06
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-03-06
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a Samba AD DC in Samba before version 4.10. An authenticated user with read permissions on the LDAP server could use this flaw to cause a denial of service.
CVSS Score: 6.5 | EPSS Score: 0.073 | Published: 2019-03-06
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause a denial of service (segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2019-03-06

