Security Vulnerabilities - CVEs Published In February 2020
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-02-13
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
CVSS Score
9.8
EPSS Score
0.934
Published
2020-02-13
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.
CVSS Score
4.2
EPSS Score
0.002
Published
2020-02-13
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.
CVSS Score
6.8
EPSS Score
0.003
Published
2020-02-12
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
CVSS Score
4.7
EPSS Score
0.001
Published
2020-02-12
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-02-12
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-02-12
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
CVSS Score
9.8
EPSS Score
0.142
Published
2020-02-12
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.
CVSS Score
9.8
EPSS Score
0.619
Published
2020-02-12
A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-02-12