Security Vulnerabilities - CVEs Published In January 2020
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
CVSS Score: 6.1
EPSS Score: 0.012
Published: 2020-01-08

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
CVSS Score: 6.1
EPSS Score: 0.017
Published: 2020-01-08

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
CVSS Score: 9.1
EPSS Score: 0.024
Published: 2020-01-08

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
CVSS Score: 9.8
EPSS Score: 0.011
Published: 2020-01-08

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
CVSS Score: 8.8
EPSS Score: 0.139
Published: 2020-01-08

A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle attack via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.
CVSS Score: 3.7
EPSS Score: 0.008
Published: 2020-01-08

A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2020-01-08

In aws-lambda versions prior to 1.0.5, "config.FunctionName" is used to construct the argument passed to the "exec" function without any sanitization. A user can inject arbitrary commands into the "zipCmd" built from "config.FunctionName".
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2020-01-08

An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.
CVSS Score: 9.8
EPSS Score: 0.055
Published: 2020-01-08

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands.
CVSS Score: 9.8
EPSS Score: 0.013
Published: 2020-01-08

