Security Vulnerabilities - CVEs Published In September 2019
ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-09-16
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-16
The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-09-16
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-16
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-16
The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-09-16
AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVSS Score
6.5
EPSS Score
0.009
Published
2019-09-16
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-09-16
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-16
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-16

