| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18817 | — | Hig | 0.42 | 7.5 | 0.01 | Nov 12, 2019 | Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | |
| CVE-2014-7143 | — | Hig | 0.42 | 7.5 | 0.03 | Nov 12, 2019 | Python Twisted 14.0 trustRoot is not respected in HTTP client | |
| CVE-2019-18874 | — | Hig | 0.42 | 7.5 | 0.04 | Nov 12, 2019 | psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | |
| CVE-2019-18862 | Hig | 0.54 | 7.8 | 0.01 | Nov 11, 2019 | maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | ||
| CVE-2019-18857 | — | Hig | 0.42 | 7.5 | 0.01 | Nov 11, 2019 | darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript :alert substring. | |
| CVE-2019-18856 | Hig | 0.49 | 7.5 | 0.01 | Nov 11, 2019 | A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | ||
| CVE-2019-18855 | Hig | 0.49 | 7.5 | 0.03 | Nov 11, 2019 | A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | ||
| CVE-2019-18854 | Hig | 0.49 | 7.5 | 0.03 | Nov 11, 2019 | A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring. | ||
| CVE-2019-18841 | — | Hig | 0.41 | 7.3 | 0.01 | Nov 11, 2019 | Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution. | |
| CVE-2019-18836 | Hig | 0.49 | 7.5 | 0.02 | Nov 11, 2019 | Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used." | ||
| CVE-2019-18845 | Hig | 0.46 | 7.1 | 0.00 | Nov 9, 2019 | The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling… | ||
| CVE-2019-18840 | Hig | 0.49 | 7.5 | 0.02 | Nov 9, 2019 | In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the… | ||
| CVE-2009-4011 | Hig | 0.53 | 8.1 | 0.01 | Nov 9, 2019 | dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console. | ||
| CVE-2019-5701 | Hig | 0.51 | 7.8 | 0.01 | Nov 9, 2019 | NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL… | ||
| CVE-2019-5697 | Hig | 0.46 | 7.1 | 0.00 | Nov 9, 2019 | NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service. | ||
| CVE-2019-5692 | Hig | 0.51 | 7.8 | 0.00 | Nov 9, 2019 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of… | ||
| CVE-2019-5691 | Hig | 0.51 | 7.8 | 0.00 | Nov 9, 2019 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. | ||
| CVE-2019-5690 | Hig | 0.51 | 7.8 | 0.00 | Nov 9, 2019 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. | ||
| CVE-2019-5689 | Hig | 0.51 | 7.8 | 0.00 | Nov 9, 2019 | NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of… | ||
| CVE-2018-1721 | Hig | 0.57 | 8.8 | 0.02 | Nov 9, 2019 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM… | ||
| CVE-2019-13539 | Hig | 0.46 | 7.0 | 0.00 | Nov 8, 2019 | Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While… | ||
| CVE-2019-3426 | Hig | 0.57 | 8.8 | 0.01 | Nov 8, 2019 | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. | ||
| CVE-2019-3425 | Hig | 0.57 | 8.8 | 0.01 | Nov 8, 2019 | The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. | ||
| CVE-2019-12410 | Hig | 0.49 | 7.5 | 0.05 | Nov 8, 2019 | While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The… | ||
| CVE-2019-12408 | Hig | 0.49 | 7.5 | 0.03 | Nov 8, 2019 | It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally… | ||
| CVE-2019-17661 | Hig | 0.57 | 8.8 | 0.02 | Nov 8, 2019 | A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious… | ||
| CVE-2019-17327 | Hig | 0.47 | 7.2 | 0.03 | Nov 8, 2019 | JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file. | ||
| CVE-2019-16209 | Hig | 0.48 | 7.4 | 0.01 | Nov 8, 2019 | A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | ||
| CVE-2019-16208 | Hig | 0.49 | 7.5 | 0.00 | Nov 8, 2019 | Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.). | ||
| CVE-2019-16207 | Hig | 0.51 | 7.8 | 0.00 | Nov 8, 2019 | Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | ||
| CVE-2019-16205 | Hig | 0.57 | 8.8 | 0.01 | Nov 8, 2019 | A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | ||
| CVE-2013-1889 | Hig | 0.42 | 7.5 | 0.02 | Nov 8, 2019 | mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. | ||
| CVE-2019-10222 | Hig | 0.49 | 7.5 | 0.05 | Nov 8, 2019 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW… | ||
| CVE-2008-7272 | Hig | 0.49 | 7.5 | 0.01 | Nov 8, 2019 | FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key. | ||
| CVE-2013-1809 | Hig | 0.49 | 7.5 | 0.02 | Nov 7, 2019 | Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | ||
| CVE-2013-1771 | Hig | 0.42 | 7.5 | 0.03 | Nov 7, 2019 | The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. | ||
| CVE-2008-3278 | Hig | 0.51 | 7.8 | 0.00 | Nov 7, 2019 | frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability… | ||
| CVE-2007-5743 | Hig | 0.49 | 7.5 | 0.01 | Nov 7, 2019 | viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | ||
| CVE-2010-2450 | Hig | 0.49 | 7.5 | 0.01 | Nov 7, 2019 | The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key… | ||
| CVE-2019-3465 | — | Hig | 0.50 | 8.8 | 0.03 | Nov 7, 2019 | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML… | |
| CVE-2012-0051 | Hig | 0.48 | 7.4 | 0.02 | Nov 7, 2019 | Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. | ||
| CVE-2010-2243 | Hig | 0.42 | 7.5 | 0.03 | Nov 7, 2019 | A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | ||
| CVE-2019-18813 | Hig | 0.00 | 7.5 | 0.04 | Nov 7, 2019 | A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. | ||
| CVE-2019-18812 | Hig | 0.42 | 7.5 | 0.03 | Nov 7, 2019 | A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef. | ||
| CVE-2019-18810 | Hig | 0.00 | 7.5 | 0.03 | Nov 7, 2019 | A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka… | ||
| CVE-2019-18807 | Hig | 0.00 | 7.5 | 0.03 | Nov 7, 2019 | Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or… | ||
| CVE-2019-17605 | Hig | 0.57 | 8.8 | 0.01 | Nov 7, 2019 | A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this… | ||
| CVE-2019-16877 | Hig | 0.50 | 8.8 | 0.01 | Nov 7, 2019 | Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | ||
| CVE-2019-16876 | Hig | 0.42 | 7.5 | 0.01 | Nov 7, 2019 | Portainer before 1.22.1 allows Directory Traversal. | ||
| CVE-2019-12331 | — | Hig | 0.50 | 8.8 | 0.01 | Nov 7, 2019 | PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By… |
- risk 0.42cvss 7.5epss 0.01
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
- risk 0.42cvss 7.5epss 0.03
Python Twisted 14.0 trustRoot is not respected in HTTP client
- risk 0.42cvss 7.5epss 0.04
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
- risk 0.54cvss 7.8epss 0.01
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
- risk 0.42cvss 7.5epss 0.01
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript :alert substring.
- risk 0.49cvss 7.5epss 0.01
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
- risk 0.49cvss 7.5epss 0.03
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
- risk 0.49cvss 7.5epss 0.03
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring.
- risk 0.41cvss 7.3epss 0.01
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
- risk 0.49cvss 7.5epss 0.02
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
- risk 0.46cvss 7.1epss 0.00
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling…
- risk 0.49cvss 7.5epss 0.02
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the…
- risk 0.53cvss 8.1epss 0.01
dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.
- risk 0.51cvss 7.8epss 0.01
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL…
- risk 0.46cvss 7.1epss 0.00
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of…
- risk 0.51cvss 7.8epss 0.00
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.
- risk 0.51cvss 7.8epss 0.00
NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of…
- risk 0.57cvss 8.8epss 0.02
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM…
- risk 0.46cvss 7.0epss 0.00
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While…
- risk 0.57cvss 8.8epss 0.01
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.
- risk 0.57cvss 8.8epss 0.01
The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.
- risk 0.49cvss 7.5epss 0.05
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The…
- risk 0.49cvss 7.5epss 0.03
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally…
- risk 0.57cvss 8.8epss 0.02
A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious…
- risk 0.47cvss 7.2epss 0.03
JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file.
- risk 0.48cvss 7.4epss 0.01
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
- risk 0.49cvss 7.5epss 0.00
Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).
- risk 0.51cvss 7.8epss 0.00
Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.
- risk 0.57cvss 8.8epss 0.01
A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.
- risk 0.42cvss 7.5epss 0.02
mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.
- risk 0.49cvss 7.5epss 0.05
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW…
- risk 0.49cvss 7.5epss 0.01
FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key.
- risk 0.49cvss 7.5epss 0.02
Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.
- risk 0.42cvss 7.5epss 0.03
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
- risk 0.51cvss 7.8epss 0.00
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability…
- risk 0.49cvss 7.5epss 0.01
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
- risk 0.49cvss 7.5epss 0.01
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key…
- risk 0.50cvss 8.8epss 0.03
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML…
- risk 0.48cvss 7.4epss 0.02
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.
- risk 0.42cvss 7.5epss 0.03
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
- risk 0.00cvss 7.5epss 0.04
A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.
- risk 0.42cvss 7.5epss 0.03
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.
- risk 0.00cvss 7.5epss 0.03
A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka…
- risk 0.00cvss 7.5epss 0.03
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or…
- risk 0.57cvss 8.8epss 0.01
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this…
- risk 0.50cvss 8.8epss 0.01
Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).
- risk 0.42cvss 7.5epss 0.01
Portainer before 1.22.1 allows Directory Traversal.
- risk 0.50cvss 8.8epss 0.01
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By…