Security Vulnerabilities - CVEs Published In January 2020
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
CVSS Score
9.8
EPSS Score
0.923
Published
2020-01-28
Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-01-28
Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system.
CVSS Score
9.8
EPSS Score
0.438
Published
2020-01-28
Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-28
Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-28
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-01-28
IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-01-28
IBM Content Navigator 3.0CD could allow an authenticated user to gain information about the hosting operating system and version that could be used in further attacks against the system. IBM X-Force ID: 171515.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-01-28
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
CVSS Score
7.1
EPSS Score
0.006
Published
2020-01-28
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972.
CVSS Score
9.8
EPSS Score
0.02
Published
2020-01-28