Security Vulnerabilities - CVEs Published In February 2020
Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons
CVSS Score: 9.8 | EPSS Score: 0.035 | Published: 2020-02-07

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through the system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Furthermore, FortiClient for Linux 6.2.2 and below allows a low-privilege user to write the system backup file under root privilege through the GUI, which can cause system files to be overwritten as root.
CVSS Score: 7.1 | EPSS Score: 0.0 | Published: 2020-02-07

Privilege escalation in EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15).
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2020-02-07

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVSS Score: 8.8 | EPSS Score: 0.799 | Published: 2020-02-07

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
CVSS Score: 8.8 | EPSS Score: 0.898 | Published: 2020-02-07

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
CVSS Score: 8.8 | EPSS Score: 0.771 | Published: 2020-02-07

ProjectPier 0.8.8 has stored XSS
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-02-07

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-02-07

ProjectPier 0.8.8 does not use the Secure flag for cookies
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-02-07

opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2020-02-07

