Security Vulnerabilities
- CVEs Published In November 2019
vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack.
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.
Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4.
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of the functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs.
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error records of some module, an attacker with the access permission may exploit the vulnerability to obtain some information.
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar.
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.