Security Vulnerabilities - CVEs Published In January 2020
fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script, which can potentially allow man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.
CVSS Score: 5.9
EPSS Score: 0.003
Published: 2020-01-02
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry.
CVSS Score: 6.0
EPSS Score: 0.001
Published: 2020-01-02
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
CVSS Score: 6.1
EPSS Score: 0.009
Published: 2020-01-02
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
CVSS Score: 9.8
EPSS Score: 0.033
Published: 2020-01-02
QEMU 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2020-01-02
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-01-02
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2020-01-02
Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the no_log flag when it is set to True and the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data.
CVSS Score: 5.7
EPSS Score: 0.009
Published: 2020-01-02
ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2020-01-02
MyBB before 1.8.22 allows an open redirect on login.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-01-02



Shodan ® - All rights reserved