Security Vulnerabilities - CVEs Published In May 2020
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-11
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-05-11
A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it.
CVSS Score
7.8
EPSS Score
0.005
Published
2020-05-11
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-05-11
Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.008
Published
2020-05-11
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
CVSS Score
9.8
EPSS Score
0.49
Published
2020-05-11
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020).
CVSS Score
7.5
EPSS Score
0.001
Published
2020-05-11
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).
CVSS Score
9.8
EPSS Score
0.039
Published
2020-05-11
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020).
CVSS Score
7.8
EPSS Score
0.001
Published
2020-05-11
An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions.
CVSS Score
8.8
EPSS Score
0.016
Published
2020-05-11