Security Vulnerabilities - CVEs Published In January 2020
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-01-03
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-03
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-03
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-03
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-03
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-01-03
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
CVSS Score
7.5
EPSS Score
0.013
Published
2020-01-03
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-03
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-03
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.827
Published
2020-01-03