Security Vulnerabilities - CVEs Published In January 2020
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.
CVSS Score
3.7
EPSS Score
0.003
Published
2020-01-28
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
CVSS Score
9.8
EPSS Score
0.041
Published
2020-01-28
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-01-28
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.
CVSS Score
7.3
EPSS Score
0.004
Published
2020-01-28
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
CVSS Score
5.0
EPSS Score
0.017
Published
2020-01-28
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
CVSS Score
5.0
EPSS Score
0.016
Published
2020-01-28
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVSS Score
5.0
EPSS Score
0.018
Published
2020-01-28
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVSS Score
5.0
EPSS Score
0.018
Published
2020-01-28
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVSS Score
5.0
EPSS Score
0.018
Published
2020-01-28
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
CVSS Score
8.8
EPSS Score
0.014
Published
2020-01-28