Security Vulnerabilities - CVEs Published In February 2020
A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite includes Hitachi Device Manager and Hitachi Compute Systems Manager.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-02-14
A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager.
CVSS Score
5.0
EPSS Score
0.001
Published
2020-02-14
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-02-14
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.
CVSS Score
5.0
EPSS Score
0.001
Published
2020-02-14
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
CVSS Score
5.1
EPSS Score
0.001
Published
2020-02-14
ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-14
vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug
CVSS Score
2.3
EPSS Score
0.002
Published
2020-02-14
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-14
RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-02-14
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-14