Security Vulnerabilities - CVEs Published In December 2019
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-03
freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).
CVSS Score
8.8
EPSS Score
0.261
Published
2019-12-03
SALTO ProAccess SPACE 5.4.3.0 allows XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-12-03
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
CVSS Score
8.6
EPSS Score
0.009
Published
2019-12-03
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
CVSS Score
9.8
EPSS Score
0.018
Published
2019-12-03
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-12-03
The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-12-03
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-03
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-03
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-12-03