Security Vulnerabilities - CVEs Published In October 2019
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.
CVSS Score
9.8
EPSS Score
0.039
Published
2019-10-02
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-02
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-02
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of casuser.
CVSS Score
6.5
EPSS Score
0.325
Published
2019-10-02
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-10-02
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVSS Score
9.8
EPSS Score
0.013
Published
2019-10-02
Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename.
CVSS Score
9.9
EPSS Score
0.006
Published
2019-10-02
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
CVSS Score
4.3
EPSS Score
0.03
Published
2019-10-02
An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
CVSS Score
8.8
EPSS Score
0.01
Published
2019-10-02
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.
CVSS Score
9.8
EPSS Score
0.108
Published
2019-10-02