Security Vulnerabilities - CVEs Published In April 2019
A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.
CVSS Score
6.1
EPSS Score
0.01
Published
2019-04-09
A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-04-09
A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
CVSS Score
9.8
EPSS Score
0.05
Published
2019-04-09
When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-04-09
Architectural Information System 1.0 and earlier versions have a Stack-based buffer overflow, allows remote attackers to execute arbitrary code.
CVSS Score
7.4
EPSS Score
0.014
Published
2019-04-09
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.
CVSS Score
8.1
EPSS Score
0.001
Published
2019-04-09
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-04-09
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-04-09
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system.
CVSS Score
9.9
EPSS Score
0.041
Published
2019-04-09
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-09