Security Vulnerabilities - CVEs Published In 2019
The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
CVSS Score
6.1
EPSS Score
0.008
Published
2019-11-27
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
CVSS Score
3.3
EPSS Score
0.0
Published
2019-11-27
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-27
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.
CVSS Score
8.1
EPSS Score
0.024
Published
2019-11-27
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
CVSS Score
6.1
EPSS Score
0.101
Published
2019-11-27
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
CVSS Score
5.9
EPSS Score
0.002
Published
2019-11-27
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
CVSS Score
7.8
EPSS Score
0.024
Published
2019-11-27
A password generation weakness exists in xquest through 2016-06-13.
CVSS Score
2.5
EPSS Score
0.001
Published
2019-11-27
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
CVSS Score
8.8
EPSS Score
0.264
Published
2019-11-27
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
CVSS Score
8.0
EPSS Score
0.007
Published
2019-11-27