Security Vulnerabilities - CVEs Published In 2019
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-12-13
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-12-13
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-12-13
VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-12-13
mcollective has a default password set at install
CVSS Score
9.8
EPSS Score
0.006
Published
2019-12-13
CFME: CSRF protection vulnerability via permissive check of the referrer header
CVSS Score
8.8
EPSS Score
0.004
Published
2019-12-13
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors
CVSS Score
7.5
EPSS Score
0.035
Published
2019-12-13
The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-12-13
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-12-13
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-12-13