Security Vulnerabilities - CVEs Published In September 2019
There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-09-20
There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-09-20
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
CVSS Score
8.6
EPSS Score
0.167
Published
2019-09-20
An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-20
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. 3D graphics is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.
CVSS Score
9.6
EPSS Score
0.004
Published
2019-09-20
The wp-piwik plugin before 1.0.5 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-20
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-20
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-20

