Security Vulnerabilities
- CVEs Published In January 2020
E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments.
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script.
Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities.
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.
Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.
Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action.
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability.
Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability.
ERDAS ER Viewer 13.0 has arbitrary code execution vulnerabilities involving the dwmapi.dll and irml.dll libraries.