Security Vulnerabilities - CVEs Published In February 2020
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-02-04
ZPanel 10.0.1 has insufficient entropy for its password reset process.
CVSS Score
9.8
EPSS Score
0.144
Published
2020-02-04
webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").
CVSS Score
5.3
EPSS Score
0.003
Published
2020-02-04
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
CVSS Score
8.8
EPSS Score
0.055
Published
2020-02-04
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script
CVSS Score
9.8
EPSS Score
0.427
Published
2020-02-04
D-Link DIR-100 4.03B07: cli.cgi CSRF
CVSS Score
8.8
EPSS Score
0.013
Published
2020-02-04
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-02-04
Joomla! core 1.7.1 allows information disclosure due to weak encryption
CVSS Score
7.5
EPSS Score
0.0
Published
2020-02-04
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-04
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.
CVSS Score
8.1
EPSS Score
0.003
Published
2020-02-04