Security Vulnerabilities - CVEs Published In March 2019
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.
CVSS Score
2.1
EPSS Score
0.001
Published
2019-03-27
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-03-27
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier.
CVSS Score
9.1
EPSS Score
0.002
Published
2019-03-27
HP Support Assistant before 8.7.50.3 allows an unauthorized person with local access to load arbitrary code.
CVSS Score
7.3
EPSS Score
0.001
Published
2019-03-27
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-03-27
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that commands sent by the remote control are no longer accepted.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-03-27
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop on sensitive data in cleartext (for instance, the current rolling code state).
CVSS Score
6.5
EPSS Score
0.0
Published
2019-03-27
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-03-27
CVE-2019-5418
Known exploited
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted Accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVSS Score
7.5
EPSS Score
0.943
Published
2019-03-27
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.
CVSS Score
7.5
EPSS Score
0.091
Published
2019-03-27