Security Vulnerabilities - CVEs Published In 2019
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2019-11-21
trytond 2.4: ModelView.button fails to validate authorization
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2019-11-21
pam_shield before 0.9.4: Default configuration does not perform protective action
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2019-11-21
mono 2.10.x ASP.NET Web Form Hash collision DoS
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2019-11-21
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.
CVSS Score: 9.8
EPSS Score: 0.041
Published: 2019-11-21
Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-11-21
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
CVSS Score: 5.5
EPSS Score: 0.011
Published: 2019-11-21
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVSS Score: 5.5
EPSS Score: 0.011
Published: 2019-11-21
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issue as not being a vulnerability because “1) The kernel provides facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands of CVEs lurking in the kernel - something which clearly is not the case.”
CVSS Score: 5.5
EPSS Score: 0.004
Published: 2019-11-21
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2019-11-20

