Security Vulnerabilities - CVEs Published In 2019
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2019-11-12

Elgg through 1.7.10 has XSS
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-11-12

Elgg through 1.7.10 has a SQL injection vulnerability
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-11-12

statusnet before 0.9.9 has XSS
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-11-12

WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-11-12

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-11-12

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
CVSS Score: 9.0 | EPSS Score: 0.034 | Published: 2019-11-12

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-11-12

maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVSS Score: 7.8 | EPSS Score: 0.007 | Published: 2019-11-11

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2019-11-11

Shodan ® - All rights reserved