Security Vulnerabilities - CVEs Published In 2019
Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-12-16
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
CVSS Score
5.3
EPSS Score
0.007
Published
2019-12-16
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab
CVSS Score
5.3
EPSS Score
0.001
Published
2019-12-16
There is an information leakage vulnerability on some Huawei products(AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600). An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an information disclosure condition.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-12-16
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
CVSS Score
6.5
EPSS Score
0.015
Published
2019-12-16
A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7.
CVSS Score
5.4
EPSS Score
0.02
Published
2019-12-16
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0.
CVSS Score
2.6
EPSS Score
0.003
Published
2019-12-16
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-12-16
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0xa08a Out-of-Bounds Read via crafted Unicode content.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-12-16
Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-12-16