Security Vulnerabilities
- CVEs Published In November 2019
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server: ssl_outgoing_ciphers is not applied to STARTTLS connections.
ClamAV before 0.97.7 has WWPack heap memory corruption.
ClamAV before 0.97.7 has a buffer overflow in the libclamav component.
ClamAV before 0.97.7 has a possible information leak in dbg_printhex.
Chrony before 1.29.1 has traffic amplification in the cmdmon protocol.
OpenShift: The install script has a temporary file creation vulnerability, which can result in arbitrary code execution.
TemaTres 3.0 allows remote unprivileged users to create an administrator account.
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
A flaw was found in all versions of ghostscript 9.x before 9.50 in the `.charkeys` procedure, which did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.