Security Vulnerabilities - CVEs Published In November 2019
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.
CVSS Score: 8.0 | EPSS Score: 0.016 | Published: 2019-11-20
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.
CVSS Score: 9.1 | EPSS Score: 0.007 | Published: 2019-11-20
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.
CVSS Score: 7.7 | EPSS Score: 0.003 | Published: 2019-11-20
Unspecified vulnerability in StatusNet through 2010 due to the way addslashes is used in SQL string escapes.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-11-20
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-11-20
iobroker.admin before 3.6.12 allows an attacker to include file contents from outside the `/log/file1/` directory.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-11-20
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.
CVSS Score: 7.7 | EPSS Score: 0.002 | Published: 2019-11-20
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-11-20
tuned 2.10.0 creates its PID file with insecure permissions, which allows local users to kill arbitrary processes.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2019-11-20
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2019-11-20

