Security Vulnerabilities - CVEs Published In January 2020
Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.
CVSS Score: 9.8 | EPSS Score: 0.084 | Published: 2020-01-15
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2020-01-15
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
CVSS Score: 7.1 | EPSS Score: 0.004 | Published: 2020-01-15
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2020-01-15
Joomla! 1.5x through 1.5.12: Missing JEXEC Check
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2020-01-15
spamdyke prior to 4.2.1: STARTTLS reveals plaintext
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-01-15
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2020-01-15
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2020-01-15
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks
CVSS Score: 6.4 | EPSS Score: 0.001 | Published: 2020-01-15
whoopsie-daisy before 0.1.26: Root user can remove arbitrary files
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2020-01-15

