Security Vulnerabilities - CVEs Published In July 2020
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-07-08
A buffer overflow exists in the Geovision Door Access Control device family; an unauthenticated remote attacker can execute arbitrary commands.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2020-07-08
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-07-07
A memory leak in OpenThread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (e.g., debug environments), can allow an attacker to crash the service (DoS). We recommend updating or restricting access in your debug environments.
CVSS Score: 5.0 | EPSS Score: 0.001 | Published: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL injection in the probe implementation to save data to a custom table exists due to inadequate server-side validation. As the code creates dynamic SQL for the insert statement and utilizes the user-supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Using other SQL injection techniques such as timing attacks, it is possible to perform full data extraction as well. Patched in 2020.7 and in a hotfix for 2019.12.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-07-07
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2020-07-07
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2020-07-07
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2020-07-07

