Security Vulnerabilities - CVEs Published In October 2019
A vulnerability in the web-based management interface of Cisco IC3000 Industrial Compute Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages system resources. An attacker could exploit this vulnerability by opening a large number of simultaneous sessions on the web-based management interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition of the web-based management interface, preventing normal management operations.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-10-02
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-02
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-02
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-02
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-02
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-02
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without necessary permissions to get other project names.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-02
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-10-02
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
CVSS Score
5.9
EPSS Score
0.0
Published
2019-10-02
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-10-02