Security Vulnerabilities - CVEs Published In November 2019
evince is missing a check on number of pages which can lead to a segmentation fault
CVSS Score
5.5
EPSS Score
0.005
Published
2019-11-01
php-symfony2-Validator has loss of information during serialization
CVSS Score
8.1
EPSS Score
0.006
Published
2019-11-01
A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-01
MiniUPnPd has information disclosure use of snprintf()
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-01
minidlna has SQL Injection that may allow retrieval of arbitrary files
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-01
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-11-01
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-11-01
Page 168