Security Vulnerabilities - CVEs Published In January 2020
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-08
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-142938932.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-01-08
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords.
CVSS Score
9.1
EPSS Score
0.002
Published
2020-01-08
Contao CMS through 3.2.4 has PHP object injection vulnerabilities.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-01-08
Dassault Systemes Catia V5-6R2013: stack buffer overflow due to inadequate boundary checks.
CVSS Score
9.8
EPSS Score
0.284
Published
2020-01-08
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.
CVSS Score
6.5
EPSS Score
0.008
Published
2020-01-08
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-01-08
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.
CVSS Score
7.1
EPSS Score
0.001
Published
2020-01-08
A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-01-08
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
CVSS Score
9.8
EPSS Score
0.019
Published
2020-01-08

