Security Vulnerabilities - CVEs Published In January 2020
MySecureShell 1.31 has a Local Denial of Service Vulnerability
CVSS Score
5.5
EPSS Score
0.001
Published
2020-01-23
mysecureshell 1.31: Local Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.001
Published
2020-01-23
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
CVSS Score
8.8
EPSS Score
0.042
Published
2020-01-23
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking
CVSS Score
4.3
EPSS Score
0.002
Published
2020-01-23
Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges
CVSS Score
7.8
EPSS Score
0.0
Published
2020-01-23
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2020-01-23
mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-23
ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface.
CVSS Score
9.8
EPSS Score
0.033
Published
2020-01-23
IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability
CVSS Score
6.5
EPSS Score
0.004
Published
2020-01-23
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.
CVSS Score
7.7
EPSS Score
0.002
Published
2020-01-23