Security Vulnerabilities - CVEs Published In March 2020
Cross-site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-03-18
Cross-site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-03-18
Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 have a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-03-18
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
CVSS Score
6.7
EPSS Score
0.006
Published
2020-03-18
ERPNext 11.1.47 allows blog?blog_category= Frame Injection.
CVSS Score
4.7
EPSS Score
0.003
Published
2020-03-18
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-03-18
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-03-18
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-03-18
Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contain an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-03-18
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
CVSS Score
6.5
EPSS Score
0.065
Published
2020-03-18

