Security Vulnerabilities - CVEs Published In June 2019
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.
CVSS Score
8.8
EPSS Score
0.015
Published
2019-06-24
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
CVSS Score
7.5
EPSS Score
0.057
Published
2019-06-24
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-06-24
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
CVSS Score
7.5
EPSS Score
0.173
Published
2019-06-24
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
CVSS Score
5.9
EPSS Score
0.517
Published
2019-06-24
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-06-24
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-06-24
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-06-24
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.
CVSS Score
5.9
EPSS Score
0.003
Published
2019-06-24
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-06-24