Security Vulnerabilities
- CVEs Published In January 2020
An out-of-bounds memory write issue was found in the Linux kernel, versions 3.13 through 5.4, in the way the kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
Publify before 8.0.1 is vulnerable to a Denial of Service attack.
BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability.
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload.
BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability.
AgileBits 1Password through 1.0.9.340 allows security feature bypass.
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.
Unify OpenStage/OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web-based management interface.
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface.
Ansible prior to 1.5.4 mishandles the evaluation of some strings.