Security Vulnerabilities - CVEs Published In September 2019
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.
CVSS Score: 7.5; EPSS Score: 0.011; Published: 2019-09-23
kkcms v1.3 has a CSRF vulnerability that can add a user account via admin/cms_user_add.php.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2019-09-23
Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.
CVSS Score: 9.1; EPSS Score: 0.004; Published: 2019-09-23
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2019-09-23
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.
CVSS Score: 4.8; EPSS Score: 0.003; Published: 2019-09-23
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.
CVSS Score: 9.8; EPSS Score: 0.192; Published: 2019-09-23
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVSS Score: 9.8; EPSS Score: 0.01; Published: 2019-09-22
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
CVSS Score: 9.8; EPSS Score: 0.016; Published: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVSS Score: 9.8; EPSS Score: 0.163; Published: 2019-09-22

