Security Vulnerabilities - CVEs Published In 2019
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
CVSS Score
4.8
EPSS Score
0.004
Published
2019-11-19
gnusound 0.7.5 has format string issue
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-19
uzbl: Information disclosure via world-readable cookies storage file
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-19
Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-11-19
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users
CVSS Score
7.5
EPSS Score
0.016
Published
2019-11-19
cobbler: Web interface lacks CSRF protection when using Django framework
CVSS Score
8.8
EPSS Score
0.003
Published
2019-11-19
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-19
tog-Pegasus has a package hash collision DoS vulnerability
CVSS Score
7.5
EPSS Score
0.007
Published
2019-11-19
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-19
surf: cookie jar has read access from other local user
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-19