Security Vulnerabilities - CVEs Published In May 2020
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.267
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.315
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
CVSS Score
9.8
EPSS Score
0.05
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.
CVSS Score
7.1
EPSS Score
0.006
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
CVSS Score
8.8
EPSS Score
0.019
Published
2020-05-08
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-05-08