Security Vulnerabilities - CVEs Published In December 2019
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
CVSS Score: 9.8
EPSS Score: 0.355
Published: 2019-12-02
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
CVSS Score: 9.8
EPSS Score: 0.025
Published: 2019-12-02
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2019-12-01
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
CVSS Score: 4.6
EPSS Score: 0.002
Published: 2019-12-01
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
CVSS Score: 4.6
EPSS Score: 0.001
Published: 2019-12-01
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
CVSS Score: 9.8
EPSS Score: 0.027
Published: 2019-12-01
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2019-12-01

