Security Vulnerabilities - CVEs Published In February 2020
Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-02-13
Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-02-13
Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.003
Published
2020-02-13
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-02-13
Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-02-13
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-02-13
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.
CVSS Score
9.3
EPSS Score
0.003
Published
2020-02-13
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
CVSS Score
9.8
EPSS Score
0.478
Published
2020-02-13
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-02-13
dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-13