Security Vulnerabilities - CVEs Published In January 2020
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-01-08
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.
CVSS Score: 5.3 | EPSS Score: 0.009 | Published: 2020-01-08
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2020-01-08
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2020-01-08
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2020-01-08
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell.
CVSS Score: 9.8 | EPSS Score: 0.07 | Published: 2020-01-08
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user obtain sensitive information.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-01-08
CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several years after CA Automic Dollar Universe 5.3.3 reached End of Life (EOL) status on April 1, 2015.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-01-08
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.
CVSS Score: 6.1 | EPSS Score: 0.011 | Published: 2020-01-08
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.
CVSS Score: 6.1 | EPSS Score: 0.012 | Published: 2020-01-08

