Security Vulnerabilities - CVEs Published In January 2020
Grand MA 300 allows retrieval of the access PIN from sniffed data.
CVSS Score
7.5
EPSS Score
0.19
Published
2020-01-13
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-01-13
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-01-13
Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-13
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.
CVSS Score
7.6
EPSS Score
0.004
Published
2020-01-11
TopList before 2019-09-03 allows XSS via a title.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-11
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-01-11
In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-01-11
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-01-11
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-11

