Security Vulnerabilities - CVEs Published In January 2020
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2020-01-26
A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
CVSS Score: 6.4 | EPSS Score: 0.003 | Published: 2020-01-26
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2020-01-25
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
CVSS Score: 8.8 | EPSS Score: 0.013 | Published: 2020-01-25
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
CVSS Score: 9.8 | EPSS Score: 0.934 | Published: 2020-01-25
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.
CVSS Score: 7.2 | EPSS Score: 0.01 | Published: 2020-01-25
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.
CVSS Score: 9.8 | EPSS Score: 0.195 | Published: 2020-01-25
Novell ZENworks Configuration Management before 11.2.4 allows XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-01-25
Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-01-25
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2020-01-25

