Security Vulnerabilities - CVEs Published In December 2019
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2019-12-03
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2019-12-03
Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2019-12-03
Review Board: URL processing gives unauthorized users access to review lists
CVSS Score: 4.3; EPSS Score: 0.005; Published: 2019-12-03
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
CVSS Score: 4.7; EPSS Score: 0.001; Published: 2019-12-03
webauth before 4.6.1 has authentication credential disclosure
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2019-12-03
SaltStack RSA Key Generation allows remote users to decrypt communications
CVSS Score: 8.1; EPSS Score: 0.01; Published: 2019-12-03
Katello has multiple XSS issues in various entities
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2019-12-03
OpenShift cartridge allows remote URL retrieval
CVSS Score: 8.1; EPSS Score: 0.003; Published: 2019-12-03
API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows a remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.
CVSS Score: 6.5; EPSS Score: 0.004; Published: 2019-12-03

