Security Vulnerabilities - CVEs Published In January 2020
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
CVSS Score
3.5
EPSS Score
0.005
Published
2020-01-28
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-01-27
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-01-27
The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login).
CVSS Score
4.8
EPSS Score
0.003
Published
2020-01-27
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
CVSS Score
4.8
EPSS Score
0.209
Published
2020-01-27
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-27
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
CVSS Score
7.2
EPSS Score
0.128
Published
2020-01-27
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
CVSS Score
7.5
EPSS Score
0.342
Published
2020-01-27
SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-01-27
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.
CVSS Score
9.8
EPSS Score
0.057
Published
2020-01-27