Security Vulnerabilities - CVEs Published In January 2020
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11.
CVSS Score: 6.5 | EPSS Score: 0.015 | Published: 2020-01-22
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
CVSS Score: 7.2 | EPSS Score: 0.013 | Published: 2020-01-22
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2020-01-22
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2020-01-22
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header-fold a double Content-Length header and, due to being unable to cast the now comma-separated value to an integer, would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
CVSS Score: 7.1 | EPSS Score: 0.009 | Published: 2020-01-22
Gallery Plugin 1.4 for WordPress has a Remote File Include vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.019 | Published: 2020-01-22
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2020-01-22
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2020-01-22
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2020-01-22
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2020-01-22