Security Vulnerabilities - CVEs Published In September 2019
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-09-12
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVSS Score
9.8
EPSS Score
0.034
Published
2019-09-12
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVSS Score
9.8
EPSS Score
0.02
Published
2019-09-12
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVSS Score
7.8
EPSS Score
0.075
Published
2019-09-12
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.
CVSS Score
9.9
EPSS Score
0.003
Published
2019-09-12
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-09-12
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by observing CPU registers and the effect of code/instruction execution.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-09-12
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-09-12
Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.
CVSS Score
7.4
EPSS Score
0.005
Published
2019-09-12
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-09-12