Security Vulnerabilities - CVEs Published In March 2019
There is an invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted PDF file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2019-03-06
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted PDF file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS Score: 7.8; EPSS Score: 0.002; Published: 2019-03-06
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
CVSS Score: 8.8; EPSS Score: 0.177; Published: 2019-03-06
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
CVSS Score: 7.0; EPSS Score: 0.005; Published: 2019-03-05
A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
CVSS Score: 5.9; EPSS Score: 0.05; Published: 2019-03-05
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648.
CVSS Score: 6.5; EPSS Score: 0.278; Published: 2019-03-05
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.
CVSS Score: 7.0; EPSS Score: 0.003; Published: 2019-03-05
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0664.
CVSS Score: 6.5; EPSS Score: 0.258; Published: 2019-03-05
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0663.
CVSS Score: 5.5; EPSS Score: 0.005; Published: 2019-03-05
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618.
CVSS Score: 8.8; EPSS Score: 0.303; Published: 2019-03-05

