Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-12 CVE-2019-4652 Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows, which could allow a local user to obtain sensitive information or perform unauthorized actions.
local
low complexity
ibm CWE-276
7.1
2019-11-12 CVE-2019-18848 Improper Authentication vulnerability in multiple products
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
network
low complexity
json-jwt-project debian CWE-287
7.5
2019-11-12 CVE-2012-1109 Improper Handling of Exceptional Conditions vulnerability in Pediapress Mwlib
mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions.
network
low complexity
pediapress CWE-755
7.5
2019-11-12 CVE-2011-3618 Link Following vulnerability in multiple products
atop: symlink attack possible due to insecure tempfile handling
local
low complexity
atop-project debian CWE-59
7.8
2019-11-12 CVE-2019-18817 Infinite Loop vulnerability in Istio
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
network
low complexity
istio CWE-835
7.5
2019-11-12 CVE-2014-7143 Improper Certificate Validation vulnerability in Twisted 14.0.0
Python Twisted 14.0 trustRoot is not respected in the HTTP client.
network
low complexity
twisted CWE-295
7.5
2019-11-12 CVE-2019-18874 Double Free vulnerability in Psutil Project Psutil
psutil (aka python-psutil) through 5.6.5 can have a double free.
network
low complexity
psutil-project CWE-415
7.5
2019-11-11 CVE-2019-18862 Unspecified vulnerability in GNU Mailutils 0.5/0.6
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
local
low complexity
gnu
7.8
2019-11-11 CVE-2019-18857 Cross-site Scripting vulnerability in Svg-Sanitizer Project Svg-Sanitizer
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.
network
low complexity
svg-sanitizer-project CWE-79
7.5
2019-11-11 CVE-2019-18856 Incorrect Permission Assignment for Critical Resource vulnerability in Drupal SVG Sanitizer
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
network
low complexity
drupal CWE-732
7.5