Security Vulnerabilities - CVEs Published In May 2020
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-05-02
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).
CVSS Score
6.8
EPSS Score
0.0
Published
2020-05-02
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CVSS Score
9.8
EPSS Score
0.024
Published
2020-05-01
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-01
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.
CVSS Score
7.3
EPSS Score
0.7
Published
2020-05-01
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-05-01
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-05-01
Page 102