Security Vulnerabilities - CVEs Published In February 2020
An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.
CVSS Score
8.2
EPSS Score
0.002
Published
2020-02-04
An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in sensitive information disclosure and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.
CVSS Score
8.2
EPSS Score
0.002
Published
2020-02-04
A command injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report.
CVSS Score
8.8
EPSS Score
0.067
Published
2020-02-04
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-04
A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page.
CVSS Score
9.8
EPSS Score
0.023
Published
2020-02-04
Improper authorization in the Circles app 0.17.7 causes access to be retained after an email address was removed from a circle.
CVSS Score
4.3
EPSS Score
0.004
Published
2020-02-04
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications.
CVSS Score
4.9
EPSS Score
0.007
Published
2020-02-04
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-02-04
A bug in Nextcloud Server 17.0.1 causes the behaviour of the workflow rules to depend on the file extension when checking file mimetypes.
CVSS Score
8.0
EPSS Score
0.003
Published
2020-02-04
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-04

