Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10766PUBLISHED: 2019-11-19Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.
CVE-2019-11289PUBLISHED: 2019-11-19Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.
CVE-2011-2922PUBLISHED: 2019-11-19ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.
CVE-2019-18934PUBLISHED: 2019-11-19Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVE-2012-6070PUBLISHED: 2019-11-19Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
1 Comments
Tweet This