Security Vulnerabilities - CVEs Published In March 2019
Stack overflow in corrupted bmp for EDK II may allow an unprivileged user to potentially enable denial of service or elevation of privilege via local access.
CVSS Score
6.0
EPSS Score
0.002
Published
2019-03-27
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-03-27
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVSS Score
6.8
EPSS Score
0.002
Published
2019-03-27
In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGS frames containing many settings, or many small SETTINGS frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.
CVSS Score
7.5
EPSS Score
0.053
Published
2019-03-27
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lack proper validation of user-supplied data, which may result in a read past the end of an allocated object.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-03-27
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-03-27
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-03-27
Buffer overflow in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVSS Score
8.7
EPSS Score
0.009
Published
2019-03-27
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-03-27
In Eclipse Mosquitto versions 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.
CVSS Score
7.5
EPSS Score
0.008
Published
2019-03-27