Security Vulnerabilities - CVEs Published In January 2019
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
CVSS Score: 7.5 | EPSS Score: 0.075 | Published: 2019-01-25
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.
CVSS Score: 7.1 | EPSS Score: 0.004 | Published: 2019-01-25
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-01-25
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.
CVSS Score: 7.5 | EPSS Score: 0.021 | Published: 2019-01-25
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.
CVSS Score: 6.1 | EPSS Score: 0.01 | Published: 2019-01-25
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
CVSS Score: 6.1 | EPSS Score: 0.056 | Published: 2019-01-25
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2019-01-25
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-01-24
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
CVSS Score: 7.2 | EPSS Score: 0.015 | Published: 2019-01-24
In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-01-24
Shodan ® - All rights reserved