Security Vulnerabilities - CVEs Published In April 2019
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.
CVSS Score
9.8
EPSS Score
0.05
Published
2019-04-12
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-04-12
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
CVSS Score
4.8
EPSS Score
0.005
Published
2019-04-12
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator
CVSS Score
6.1
EPSS Score
0.003
Published
2019-04-12
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator
CVSS Score
6.1
EPSS Score
0.003
Published
2019-04-12
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-12
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-04-12
NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-04-12
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where input/output control (IOCTL) handling for user mode requests could create a non-trusted pointer dereference, which may lead to information disclosure, denial of service, escalation of privileges, or code execution. The updates apply to all versions prior to R28.3.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-04-12
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-04-12