Security Vulnerabilities - CVEs Published In April 2019
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare.
CVSS Score
9.8
EPSS Score
0.094
Published
2019-04-04
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-04-03
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-03
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-04-03
Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-04-03
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-04-03
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-04-03
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-04-03
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-04-03
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-04-03