Security Vulnerabilities - CVEs Published In January 2020
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users' sessions.
CVSS Score: 9.0
EPSS Score: 0.005
Published: 2020-01-10
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
CVSS Score: 7.8
EPSS Score: 0.007
Published: 2020-01-10
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2020-01-10
The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2020-01-10
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2).
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-01-10
On Ricoh SP C250DN 1.06 devices, a debug port can be used.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2020-01-10
Ricoh SP C250DN 1.06 devices allow CSRF.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2020-01-10
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-01-10
Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.
CVSS Score: 7.5
EPSS Score: 0.013
Published: 2020-01-10
Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-01-10


Shodan ® - All rights reserved