Security Vulnerabilities - CVEs Published In April 2020
Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-04-15
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to, through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.
CVSS Score
8.4
EPSS Score
0.001
Published
2020-04-15
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.
CVSS Score
7.4
EPSS Score
0.002
Published
2020-04-15
iCatch DVR firmware before 20200103 does not validate a function parameter properly, resulting in attackers executing arbitrary commands.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-04-15
A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-15
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a SQL Injection vulnerability; an attacker can use a union-based injection query string to get the database schema and username/password.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-04-15
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a Path Traversal vulnerability, allowing attackers to access arbitrary files.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-04-15
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains an Unrestricted File Upload (RCE) vulnerability that would allow attackers to gain access to the hosting machine.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-04-15
HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contain insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-04-15
HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contain a SQL Injection vulnerability which allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-04-15

