Security Vulnerabilities - CVEs Published In November 2019
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated.
CVSS Score
9.8
EPSS Score
0.018
Published
2019-11-05
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-05
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVSS Score
6.5
EPSS Score
0.025
Published
2019-11-05
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
CVSS Score
6.5
EPSS Score
0.02
Published
2019-11-05
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
CVSS Score
8.8
EPSS Score
0.02
Published
2019-11-05
Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions
CVSS Score
5.3
EPSS Score
0.003
Published
2019-11-05
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVSS Score
2.4
EPSS Score
0.002
Published
2019-11-05
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.
CVSS Score
7.5
EPSS Score
0.144
Published
2019-11-05
Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-05
Cryptocat has an Unspecified Chat Participant User List Disclosure
CVSS Score
5.3
EPSS Score
0.006
Published
2019-11-05