Security Vulnerabilities - CVEs Published In May 2019
An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-05-28
An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-05-28
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.
CVSS Score
4.3
EPSS Score
0.007
Published
2019-05-28
Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-05-28
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
CVSS Score
7.1
EPSS Score
0.002
Published
2019-05-27
EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-05-27
EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-27
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-27
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.199
Published
2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.13
Published
2019-05-24

