Security Vulnerabilities - CVEs Published In June 2020
Zenphoto versions prior to 1.5.7 allow an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
CVSS Score: 8.8
EPSS Score: 0.008
Published: 2020-06-11
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
CVSS Score: 8.8
EPSS Score: 0.916
Published: 2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
CVSS Score: 7.2
EPSS Score: 0.374
Published: 2020-06-11
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-06-11
Artica Pandora FMS 7.44 allows privilege escalation.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
CVSS Score: 7.2
EPSS Score: 0.374
Published: 2020-06-11
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2020-06-11
An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account.
CVSS Score: 7.2
EPSS Score: 0.033
Published: 2020-06-11
An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients.
CVSS Score: 5.9
EPSS Score: 0.003
Published: 2020-06-11
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more.
CVSS Score: 7.0
EPSS Score: 0.001
Published: 2020-06-11