Security Vulnerabilities - CVEs Published In November 2019
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-21
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can pose a security risk if debug.log is later edited and then executed.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-11-21
A buffer overflow can occur in the wlan module if the supported rates or extended rates element length is greater than the max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR2130.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-21
Low-privilege users can access the service configuration, which contains registry data that admins use to create or delete entries in the registry, in QCA6174_9377.WIN.1.0 in QCA6174_9377.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-21
Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters, due to incorrect buffer size calculation, in PostScript and PDF printers that use IPS versions prior to 2019.2.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-11-21
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-11-21
Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-11-21
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-11-21
rc before 1.7.1-5 insecurely creates temporary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-21
Gamera before 3.4.1 insecurely creates temporary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-21



Shodan ® - All rights reserved