Security Vulnerabilities - CVEs Published In January 2020
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
CVSS Score: 4.9 | EPSS Score: 0.009 | Published: 2020-01-23
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for.
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2020-01-23
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
CVSS Score: 4.8 | EPSS Score: 0.004 | Published: 2020-01-23
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2020-01-23
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
CVSS Score: 7.2 | EPSS Score: 0.09 | Published: 2020-01-23
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-01-23
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
CVSS Score: 5.3 | EPSS Score: 0.496 | Published: 2020-01-23
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2020-01-23
Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.
CVSS Score: 7.5 | EPSS Score: 0.091 | Published: 2020-01-23
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaintext private keys of the system's built-in local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below, or of user-uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2020-01-23

