Security Vulnerabilities - CVEs Published In April 2019
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-04-05
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-05
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-04-05
In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-04-05
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-04-05
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-04-05
In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.
CVSS Score
9.8
EPSS Score
0.027
Published
2019-04-05
In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled.
CVSS Score
9.8
EPSS Score
0.046
Published
2019-04-05
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
CVSS Score
6.5
EPSS Score
0.01
Published
2019-04-05
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-04-05