Security Vulnerabilities - CVEs Published In November 2019
An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
CVSS Score
7.1
EPSS Score
0.001
Published
2019-11-04
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
CVSS Score
9.8
EPSS Score
0.012
Published
2019-11-04
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.046
Published
2019-11-04
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-04
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-11-04
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-11-04
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-04
Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().
CVSS Score
7.5
EPSS Score
0.003
Published
2019-11-04
A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVSS Score
9.8
EPSS Score
0.017
Published
2019-11-04
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-04