Security Vulnerabilities - CVEs Published In January 2020
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-01-27
Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.
CVSS Score
7.2
EPSS Score
0.034
Published
2020-01-27
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
CVSS Score
4.9
EPSS Score
0.001
Published
2020-01-27
AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-01-27
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.
CVSS Score
5.2
EPSS Score
0.002
Published
2020-01-27
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.
CVSS Score
8.3
EPSS Score
0.003
Published
2020-01-27
The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
7.4
EPSS Score
0.001
Published
2020-01-27
The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
7.4
EPSS Score
0.001
Published
2020-01-27
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.
CVSS Score
3.7
EPSS Score
0.001
Published
2020-01-27
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-01-27