Security Vulnerabilities - CVEs Published In June 2019
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-06-26
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-06-26
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-06-26
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVSS Score
8.8
EPSS Score
0.021
Published
2019-06-26
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVSS Score
8.8
EPSS Score
0.021
Published
2019-06-26
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-06-26
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
CVSS Score
7.3
EPSS Score
0.004
Published
2019-06-26
A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin.
CVSS Score
5.3
EPSS Score
0.011
Published
2019-06-26
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-06-26
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
CVSS Score
7.8
EPSS Score
0.007
Published
2019-06-25