Security Vulnerabilities - CVEs Published In October 2019
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-10-29
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-10-29
A stack-based buffer overflow vulnerability exists in the method receiving data from the SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack, resulting in code execution. An attacker needs to create a path longer than 99 characters to trigger this vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-10-29
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.03
Published
2019-10-29
gpw generates shorter passwords than required
CVSS Score
7.5
EPSS Score
0.004
Published
2019-10-29
mediawiki allows deleted text to be exposed
CVSS Score
7.5
EPSS Score
0.004
Published
2019-10-29
Bitlbee does not drop extra group privileges correctly in unix.c
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-29
Hadoop 1.0.3 contains a symlink vulnerability.
CVSS Score
7.5
EPSS Score
0.017
Published
2019-10-29
asterisk allows calls on prohibited networks
CVSS Score
7.5
EPSS Score
0.007
Published
2019-10-29
ytnef has directory traversal
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-29

