Security Vulnerabilities - CVEs Published In November 2019
Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness
CVSS Score: 5.3
EPSS Score: 0.004
Published: 2019-11-04
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
CVSS Score: 9.1
EPSS Score: 0.004
Published: 2019-11-04
slim has NULL pointer dereference when using crypt() method from glibc 2.17
CVSS Score: 7.5
EPSS Score: 0.009
Published: 2019-11-04
CloudForms stores user passwords in recoverable format
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2019-11-04
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2019-11-04
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.
CVSS Score: 4.6
EPSS Score: 0.001
Published: 2019-11-02
On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.
CVSS Score: 4.6
EPSS Score: 0.001
Published: 2019-11-02
On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.
CVSS Score: 4.6
EPSS Score: 0.001
Published: 2019-11-02
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary JavaScript code in a victim's browser.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-11-02
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
CVSS Score: 6.5
EPSS Score: 0.01
Published: 2019-11-02

