Security Vulnerabilities - CVEs Published In November 2019
RubyGems passenger 4.0.0 betas 1 and 2 allow remote attackers to delete arbitrary files during the startup process.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-11-19
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
CVSS Score
4.4
EPSS Score
0.005
Published
2019-11-19
ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges.
CVSS Score
9.8
EPSS Score
0.716
Published
2019-11-19
The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack.
CVSS Score
4.8
EPSS Score
0.006
Published
2019-11-19
gnusound 0.7.5 has a format string issue.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-19
uzbl: Information disclosure via world-readable cookies storage file
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-19
Multiple stack-based buffer overflow vulnerabilities exist in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass the Non-eXecutable bit (NX), stack smashing protector (SSP), and address space layout randomization (ASLR) protection mechanisms, which could let a malicious user execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-11-19
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users.
CVSS Score
7.5
EPSS Score
0.016
Published
2019-11-19
cobbler: Web interface lacks CSRF protection when using Django framework
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-19
cobbler has local privilege escalation via the use of an insecure location for PYTHON_EGG_CACHE.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-19
Shodan ® - All rights reserved