Security Vulnerabilities - CVEs Published In March 2020
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2020-03-19
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-03-19
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-03-19
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2020-03-19
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961.
CVSS Score: 5.0 | EPSS Score: 0.001 | Published: 2020-03-19
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-19
In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-19
In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-19
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-03-19
ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-03-19

