Security Vulnerabilities - CVEs Published In April 2019
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2019-04-24

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
CVSS Score: 8.2; EPSS Score: 0.005; Published: 2019-04-24

EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file.
CVSS Score: 8.8; EPSS Score: 0.006; Published: 2019-04-24

Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2019-04-24

In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-04-24

A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2019-04-24

aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2019-04-24

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
CVSS Score: 6.5; EPSS Score: 0.02; Published: 2019-04-24

An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. This could lead to arbitrary code executing inside the Windows kernel and allow escalation of privileges.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2019-04-24

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVSS Score: 7.0; EPSS Score: 0.0; Published: 2019-04-23


Shodan ® - All rights reserved