Security Vulnerabilities - CVEs Published In November 2019
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not sufficiently verify certain parameters. An attacker needs to connect to the phone and gain high privilege to launch the attack; successful exploitation could cause malicious code execution.
CVSS Score
6.2
EPSS Score
0.0
Published
2019-11-12
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-11-12
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-11-12
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-12
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-11-12
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).
CVSS Score
6.5
EPSS Score
0.005
Published
2019-11-12
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-12
Some Huawei smartphones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker can craft specific packets and send them to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-11-12
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contain a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-12
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-11-12

