Security Vulnerabilities
- CVEs Published In February 2020
PrestaShop before 1.4.11 allows logout CSRF.
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or HTML via the easyxdm.swf file.
MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme.
QNAP VioCard 300 has hardcoded RSA private keys.
TRENDnet TS-S402 has a backdoor to enable TELNET.
Xerox ColorCube and WorkCentre devices in 2013 had hardcoded FTP and shell user accounts.
Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account.
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
Belkin n750 routers have a buffer overflow.
A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image.