Security Vulnerabilities - CVEs Published In 2019
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
CVSS Score
5.5
EPSS Score
0.005
Published
2019-11-20
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
CVSS Score
5.5
EPSS Score
0.006
Published
2019-11-20
Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-20
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-20
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-20
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-20
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-11-20
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 166456.
CVSS Score
8.0
EPSS Score
0.016
Published
2019-11-20
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.
CVSS Score
9.1
EPSS Score
0.007
Published
2019-11-20
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.
CVSS Score
7.7
EPSS Score
0.003
Published
2019-11-20