Security Vulnerabilities - CVEs Published In January 2020
The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-22
The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-01-22
The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-01-22
The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-01-22
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-01-22
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)
CVSS Score
9.8
EPSS Score
0.009
Published
2020-01-22
An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-01-22
In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
CVSS Score
6.9
EPSS Score
0.003
Published
2020-01-22
Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-22
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-01-21