Security Vulnerabilities - CVEs Published In 2019
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-12
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-11-12
WebKit in Google Chrome before Blink M11 and M12 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption).
CVSS Score
6.5
EPSS Score
0.005
Published
2019-11-12
An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h in WebKit in Google Chrome before Blink M11 and M12 when trying to access a removed smil element.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-12
Some Huawei smart phones with versions earlier than Harry-AL00C 9.1.0.206(C00E205R3P1) have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-11-12
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-12
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-11-12
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-11-12
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-11-12
The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members, etc.).
CVSS Score
7.5
EPSS Score
0.012
Published
2019-11-12