Security Vulnerabilities - CVEs Published In May 2019
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-05-17
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
CVSS Score
5.3
EPSS Score
0.012
Published
2019-05-17
An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-05-17
GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-05-17
GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-05-17
GoHTTP through 2017-07-25 has a sendHeader use-after-free.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-05-17
WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-17
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.
CVSS Score
7.8
EPSS Score
0.097
Published
2019-05-17
SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-05-17
SimplyBook.me through 2019-05-11 does not properly restrict File Upload which could allow remote code execution.
CVSS Score
9.8
EPSS Score
0.021
Published
2019-05-17