Security Vulnerabilities - CVEs Published In 2019
A file injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-12-26
A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2019-12-26
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2019-12-26
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-12-26
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2019-12-26
USG9500 versions V500R001C30 and V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service attack on the affected products.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-12-26
USG9500 versions V500R001C30 and V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service attack on the affected products.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-12-26
A locally exploitable DoS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown, triggered by programs doing an mmap after a MAP_GROWSDOWN mmap, will create an infinite loop condition without releasing the VM semaphore, eventually leading to a system crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-12-26
M5 lite 10 version 8.0.0.182(C00) has an insufficient input validation vulnerability. Because the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by performing a series of operations. Successful exploitation may lead to malicious code execution.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-12-26
USG9500 versions V500R001C30 and V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity, which may allow an attacker with high privilege to make malicious modifications without detection.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2019-12-26

