Security Vulnerabilities - CVEs Published In April 2020
Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).
CVSS Score
8.8
EPSS Score
0.003
Published
2020-04-29
Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).
CVSS Score
8.8
EPSS Score
0.003
Published
2020-04-29
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.
CVSS Score
2.2
EPSS Score
0.008
Published
2020-04-29
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-04-29
Cerner medico 26.00 allows variable reuse, possibly causing data corruption.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-04-29
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-04-29
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
CVSS Score
6.1
EPSS Score
0.014
Published
2020-04-29
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-04-29
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-04-29
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.
CVSS Score
7.7
EPSS Score
0.001
Published
2020-04-29