Security Vulnerabilities - CVEs Published In 2019
thttpd has a local DoS vulnerability via specially-crafted .htpasswd files
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-25
libuser has information disclosure when moving user's home directory
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-25
ipa 3.0 does not properly check server identity before sending credential containing cookies
CVSS Score
8.8
EPSS Score
0.005
Published
2019-11-25
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-25
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-25
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
CVSS Score
6.5
EPSS Score
0.003
Published
2019-11-25
Claws Mail vCalendar plugin: credentials exposed on interface
CVSS Score
5.5
EPSS Score
0.027
Published
2019-11-25
gnome-system-log polkit policy allows arbitrary files on the system to be read
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-25
opendnssec misuses libcurl API
CVSS Score
9.8
EPSS Score
0.006
Published
2019-11-25
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-25