Security Vulnerabilities - CVEs Published In December 2019
Katello has a Denial of Service vulnerability in API OAuth authentication
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-12-10
kde-workspace before 4.10.5 has a memory leak in plasma desktop
CVSS Score: 7.5 | EPSS Score: 0.02 | Published: 2019-12-10
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2019-12-10
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2019-12-10
JBoss KeyCloak: XSS in login-status-iframe.html
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-12-10
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-12-10
openstack-utils openstack-db has insecure password creation
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-12-10
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command injection
CVSS Score: 9.8 | EPSS Score: 0.027 | Published: 2019-12-10
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2019-12-10
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162807.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-12-09

