Security Vulnerabilities - CVEs Published In November 2019
xlockmore before 5.43 'dclock' security bypass vulnerability
CVSS Score
7.5
EPSS Score
0.007
Published
2019-11-21
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-21
9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.
CVSS Score
5.3
EPSS Score
0.005
Published
2019-11-21
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-21
trytond 2.4: ModelView.button fails to validate authorization
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-21
pam_shield before 0.9.4: Default configuration does not perform protective action
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-21
mono 2.10.x ASP.NET Web Form Hash collision DoS
CVSS Score
7.5
EPSS Score
0.011
Published
2019-11-21
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.
CVSS Score
9.8
EPSS Score
0.041
Published
2019-11-21
Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-21
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
CVSS Score
5.5
EPSS Score
0.011
Published
2019-11-21