Security Vulnerabilities - CVEs Published In March 2019
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-03-21
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.
CVSS Score
6.1
EPSS Score
0.009
Published
2019-03-21
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-03-21
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
CVSS Score
9.9
EPSS Score
0.045
Published
2019-03-21
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
CVSS Score
6.1
EPSS Score
0.007
Published
2019-03-21
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345.
CVSS Score
6.4
EPSS Score
0.0
Published
2019-03-21
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
CVSS Score
4.8
EPSS Score
0.018
Published
2019-03-21
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
CVSS Score
4.6
EPSS Score
0.0
Published
2019-03-21
HMS Industrial Networks Netbiter WS100 devices, version 3.30.5 and earlier, have reflected XSS in the login form.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-03-21
Kentix MultiSensor-LAN devices, version 5.63.00 and earlier, allow Authentication Bypass via an Alternate Path or Channel.
CVSS Score
9.8
EPSS Score
0.057
Published
2019-03-21

