Security Vulnerabilities - CVEs Published In July 2020
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.
CVSS Score: 8.8 | EPSS Score: 0.029 | Published: 2020-07-15
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
CVSS Score: 5.6 | EPSS Score: 0.002 | Published: 2020-07-15
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerability in that the target must open a malicious directory or device.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2020-07-15
An invalid memory read vulnerability in a Trend Micro Security 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-07-15
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2020-07-15
No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but in xarm_studio 1.3.0 the option is missing from the menu. This allows assuming manual control, even by forcefully removing the current operator from an active session.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2020-07-15
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
CVSS Score: 9.0 | EPSS Score: 0.007 | Published: 2020-07-15
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2020-07-15
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2020-07-15
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2020-07-15



Shodan ® - All rights reserved