Security Vulnerabilities - CVEs Published In March 2019
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-03-21
DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-03-21
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
CVSS Score
8.8
EPSS Score
0.029
Published
2019-03-21
OX App Suite 7.8.4 and earlier allows SSRF.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-21
OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-21
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-03-21
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-21
When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.
CVSS Score
7.5
EPSS Score
0.017
Published
2019-03-21
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CVSS Score
7.5
EPSS Score
0.03
Published
2019-03-21
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CVSS Score
7.5
EPSS Score
0.048
Published
2019-03-21