Security Vulnerabilities - CVEs Published In February 2020
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-02-06
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVSS Score
5.6
EPSS Score
0.018
Published
2020-02-06
An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.047
Published
2020-02-06
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts.
CVSS Score
9.8
EPSS Score
0.836
Published
2020-02-06
An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.
CVSS Score
5.3
EPSS Score
0.03
Published
2020-02-06
Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet.
CVSS Score
5.3
EPSS Score
0.099
Published
2020-02-06
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization.
CVSS Score
9.8
EPSS Score
0.083
Published
2020-02-06
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege by injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-02-06
A denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running under root privilege by sending specially crafted IPC client requests to the fctsched process, due to the nanomsg not being correctly validated.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-02-06
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to crash FortiClient processes running under root privilege by sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process, due to the argv data not being well sanitized.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-02-06

