Security Vulnerabilities - CVEs Published In January 2020
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-01-10
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-01-10
An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-01-10
An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-01-10
IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429.
CVSS Score
5.1
EPSS Score
0.001
Published
2020-01-10
IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-01-10
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
CVSS Score
2.0
EPSS Score
0.007
Published
2020-01-10
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
CVSS Score
3.5
EPSS Score
0.008
Published
2020-01-10
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
CVSS Score
3.5
EPSS Score
0.007
Published
2020-01-10
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script
CVSS Score
8.8
EPSS Score
0.357
Published
2020-01-10