Security Vulnerabilities - CVEs Published In June 2020
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-06-30
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
CVSS Score
7.8
EPSS Score
0.002
Published
2020-06-30
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-30
IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.
CVSS Score
4.4
EPSS Score
0.001
Published
2020-06-30
An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-06-30
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-06-30
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-06-30
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-30
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.004
Published
2020-06-30
Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-06-30