Security Vulnerabilities - CVEs Published In July 2020
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
CVSS Score
4.9
EPSS Score
0.004
Published
2020-07-28
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
CVSS Score
4.9
EPSS Score
0.004
Published
2020-07-28
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-07-28
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-07-28
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-07-28
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
CVSS Score
9.1
EPSS Score
0.794
Published
2020-07-28
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-07-28
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose file contents in the context of SYSTEM. Was ZDI-CAN-10710.
CVSS Score
7.5
EPSS Score
0.238
Published
2020-07-28
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.
CVSS Score
8.8
EPSS Score
0.015
Published
2020-07-28
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756.
CVSS Score
6.3
EPSS Score
0.002
Published
2020-07-28