Security Vulnerabilities - CVEs Published In December 2019
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
CVSS Score
7.5
EPSS Score
0.252
Published
2019-12-27
WordPress Xorbin Digital Flash Clock 1.0 has XSS
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-27
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
CVSS Score
7.8
EPSS Score
0.035
Published
2019-12-27
In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-12-27
SPBAS Business Automation Software 2012 has XSS.
CVSS Score
6.1
EPSS Score
0.036
Published
2019-12-27
SPBAS Business Automation Software 2012 has CSRF.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-12-27
Sencha Labs Connect has XSS with connect.methodOverride()
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-27
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
CVSS Score
4.8
EPSS Score
0.003
Published
2019-12-27
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
CVSS Score
4.8
EPSS Score
0.004
Published
2019-12-27
CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2019-12-27