Security Vulnerabilities - CVEs Published In January 2020
A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558).
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2020-01-08
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2020-01-08
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-01-08
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2020-01-08
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-01-08
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.
CVSS Score: 7.5 | EPSS Score: 0.016 | Published: 2020-01-08
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CVSS Score: 8.3 | EPSS Score: 0.324 | Published: 2020-01-08
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
CVSS Score: 9.8 | EPSS Score: 0.098 | Published: 2020-01-08
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file).
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-01-08
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
CVSS Score: 5.3 | EPSS Score: 0.005 | Published: 2020-01-08