Security Vulnerabilities
- CVEs Published In November 2019
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating parameters that reference files with ../ sequences (and encoded or backslash variations), an attacker can list directories outside the intended document root and check whether a particular file exists on the server.
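The traversal above comes from appending a user-controlled value to a base directory without normalising it. The following is an added example, not code from IRIS WebForms, showing that flawed pattern next to a confinement check; BASE_DIR and the sample paths are constructed for the demonstration.

```python
import posixpath
from urllib.parse import unquote

# Constructed document root standing in for the WebForms file store.
BASE_DIR = "/srv/webforms/docs"


def vulnerable_resolve(user_path: str) -> str:
    """The flawed pattern: the user-controlled value is appended to the root
    with no normalisation, so "../" (or an encoded variant) walks out of it."""
    return posixpath.join(BASE_DIR, user_path)


def safe_resolve(user_path: str) -> str:
    """Decode, normalise, then refuse anything that does not stay under BASE_DIR."""
    decoded = user_path
    for _ in range(3):  # "..%252f" decodes to "..%2f" and only then to "../"
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # "..\\" is one of the variations
    # normpath collapses "a/../b", "./" and duplicate slashes in one pass, so a
    # filter that only strips the literal "../" once is not needed (and not enough).
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded.lstrip("/")))
    if candidate != BASE_DIR and not candidate.startswith(BASE_DIR + "/"):
        raise ValueError(f"path escapes the document root: {user_path!r}")
    return candidate


def is_rejected(user_path: str) -> bool:
    """True when safe_resolve() refuses the value."""
    try:
        safe_resolve(user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for p in ("forms/2019/report.pdf", "../../etc/passwd", "..%2f..%2fetc%2fpasswd"):
        print(p, "->", vulnerable_resolve(p), "| rejected:", is_rejected(p))
```

When the check rejects a path, answer with the same response the application gives for a missing file; otherwise the distinguishable error still works as the file-existence oracle the advisory describes.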
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.
Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected cross-site scripting (XSS). User input related to dialog information is reflected directly into the web page without encoding, allowing an attacker to run script in the browsers of the application's users.
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 sets insecure file permissions on restored files and directories on Windows, which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.
atop: a symlink attack is possible due to insecure temporary-file handling.
mwlib 0.13 through 0.13.4 has a denial-of-service vulnerability when parsing #iferror magic functions.
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
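A JWE in compact serialization (RFC 7516) is exactly five base64url segments separated by dots. The following is an added example, not json-jwt's own code, contrasting a lenient split (modelled on Ruby multiple assignment, where missing elements become nil; that this is the gem's exact code is an assumption) with a parser that counts and validates the segments. The sample tokens are constructed.

```python
import base64

JWE_PART_NAMES = ("protected_header", "encrypted_key", "iv", "ciphertext", "tag")
_B64URL_ALPHABET = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # urlsafe_b64decode silently drops foreign characters, so validate first.
    if not set(segment) <= _B64URL_ALPHABET:
        raise ValueError(f"segment is not base64url: {segment!r}")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def lenient_split(jwe: str) -> dict:
    """Pre-fix behaviour (assumed shape: a, b, c, d, e = s.split('.') in Ruby):
    too few elements become None, extra ones are dropped, and nothing signals
    that the input was not a JWE at all."""
    parts = jwe.split(".")
    return dict(zip(JWE_PART_NAMES, (parts + [None] * 5)[:5]))


def strict_parse(jwe: str) -> dict:
    """Fixed behaviour: exactly five dot-separated base64url segments, each
    decoded and checked, or the token is rejected before any crypto runs."""
    parts = jwe.split(".")
    if len(parts) != 5:
        raise ValueError(
            f"JWE compact serialization has 5 elements, got {len(parts)}")
    return {name: b64url_decode(seg) for name, seg in zip(JWE_PART_NAMES, parts)}


def is_rejected(jwe: str) -> bool:
    try:
        strict_parse(jwe)
    except ValueError:
        return True
    return False


# Constructed sample tokens: a well-formed JWE shape (the "dir" algorithm has an
# empty encrypted_key segment) and a three-segment JWS-shaped string.
SAMPLE_JWE = ".".join(b64url_encode(x) for x in (
    b'{"alg":"dir","enc":"A128GCM"}', b"", b"\x00" * 12, b"ciphertext", b"\x00" * 16))
SAMPLE_JWS_SHAPED = ".".join(b64url_encode(x) for x in (
    b'{"alg":"HS256"}', b'{"sub":"alice"}', b"\x00" * 32))

if __name__ == "__main__":
    print("lenient view of a JWS:", lenient_split(SAMPLE_JWS_SHAPED))
    print("strict rejects JWS:", is_rejected(SAMPLE_JWS_SHAPED))
```

The point of counting first is that later stages (header parsing, key unwrapping, tag verification) then never see a None or a misaligned segment, which is where unexpected inputs turn into exceptions or confused-deputy behaviour.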
The Pacemaker configure script before 1.1.6 creates temporary files insecurely.
HornetQ REST is vulnerable to XML External Entity (XXE) injection due to an insecure configuration of RESTEasy.
Python Twisted 14.0 does not respect trustRoot in its HTTP client.
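The atop and Pacemaker entries are the same bug class: a program writes to a predictable name in a shared directory, and an attacker who plants a symlink there first gets the program to truncate or overwrite the link's target with the program's privileges. The following is an added example, not code from either project, that stages the race in a private sandbox (the victim file and the name "atop.tmp" are constructed) and shows the two fixes: a create-only open that refuses an existing symlink, and mkstemp, which makes the name unguessable. The shell equivalent for a configure script is mktemp rather than a hand-built $TMPDIR/name.

```python
import os
import shutil
import tempfile

O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)  # not defined on every platform


def vulnerable_write(predictable_path: str, data: str) -> None:
    """Insecure pattern: a fixed, guessable name opened with plain open(..., "w").
    If a symlink is already there, open() follows it and truncates the target."""
    with open(predictable_path, "w") as fh:
        fh.write(data)


def safe_open_fixed_name(path: str) -> int:
    """Create-only open: O_EXCL fails if anything (file or symlink) already exists
    at path, and O_NOFOLLOW refuses to traverse a final symlink component."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | O_NOFOLLOW, 0o600)


def safe_write(tmp_dir: str, data: str) -> str:
    """Preferred fix: mkstemp picks an unpredictable name and opens it with
    O_CREAT|O_EXCL itself, so there is no name for the attacker to pre-plant."""
    fd, path = tempfile.mkstemp(dir=tmp_dir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def simulate_attack(use_safe_open: bool) -> dict:
    """Stage the race in a sandbox and report whether the victim was clobbered."""
    sandbox = tempfile.mkdtemp()
    try:
        victim = os.path.join(sandbox, "victim.conf")
        with open(victim, "w") as fh:
            fh.write("original")
        predictable = os.path.join(sandbox, "atop.tmp")  # the guessable name
        os.symlink(victim, predictable)  # attacker wins the race, plants the link
        refused = False
        if use_safe_open:
            try:
                os.close(safe_open_fixed_name(predictable))
            except FileExistsError:
                refused = True
        else:
            vulnerable_write(predictable, "attacker-controlled content")
        with open(victim) as fh:
            clobbered = fh.read() != "original"
        return {"clobbered": clobbered, "refused": refused}
    finally:
        shutil.rmtree(sandbox)


def demo_safe_write() -> bool:
    """mkstemp writes the data and never reuses a name between calls."""
    sandbox = tempfile.mkdtemp()
    try:
        first, second = safe_write(sandbox, "x"), safe_write(sandbox, "x")
        with open(first) as fh:
            return fh.read() == "x" and first != second
    finally:
        shutil.rmtree(sandbox)


if __name__ == "__main__":
    print("vulnerable:", simulate_attack(use_safe_open=False))
    print("O_EXCL|O_NOFOLLOW:", simulate_attack(use_safe_open=True))
    print("mkstemp ok:", demo_safe_write())
```

The sandbox is world-private here, so the "attacker" is the same user; in the real bug the directory is /tmp (or another shared location) and the writer runs with higher privileges than the user who planted the link, which is what turns a truncated file into a local privilege escalation or data loss.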
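XXE arises when the XML parser behind a REST endpoint is allowed to resolve external entities declared in a request's DTD; RESTEasy is Java, and its behaviour is governed by its own context parameters (for example resteasy.document.expand.entity.references), but the misconfiguration is the same in any parser. The following is an added example, not HornetQ or RESTEasy code, that reproduces it with Python's xml.sax parser: the vulnerable setting pulls a local file into the document, the default refuses. The secret file and the order payload are constructed.

```python
import io
import os
import tempfile
from xml.sax import make_parser
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Gathers the character data the parser hands back, entity content included."""

    def __init__(self):
        super().__init__()
        self.text = []

    def characters(self, content):
        self.text.append(content)


def parse_with_policy(xml_bytes: bytes, resolve_external: bool) -> str:
    """resolve_external=True is the insecure configuration: external general
    entities (SYSTEM identifiers) are fetched and inlined. False is the safe
    default, under which the entity reference expands to nothing."""
    parser = make_parser()
    parser.setFeature(feature_external_ges, resolve_external)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.text)


def xxe_demo(resolve_external: bool) -> str:
    """Plant a constructed secret file, then submit a request body that names
    it in a DTD and references the entity from inside the document."""
    fd, secret_path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write("db-password=hunter2")
    try:
        payload = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE order [<!ENTITY xxe SYSTEM "{secret_path}">]>'
            "<order><note>&xxe;</note></order>"
        ).encode()
        return parse_with_policy(payload, resolve_external)
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print("insecure parser returned:", repr(xxe_demo(resolve_external=True)))
    print("secure parser returned:", repr(xxe_demo(resolve_external=False)))
```

In a REST service the leaked content comes back to the attacker in the response or an error message, or is exfiltrated via an entity that points at an attacker-controlled URL; the fix is the parser setting, not input filtering.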