Security Vulnerabilities - CVEs Published In May 2019
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
CVSS Score
7.5
EPSS Score
0.899
Published
2019-05-01
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering
CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-05-01
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-05-01
In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-05-01
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-05-01
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-05-01
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-01
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-05-01
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-05-01
Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-05-01