Security Vulnerabilities - CVEs Published In August 2020
All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-08-17
HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic error vulnerability. In a special scenario, the system does not properly process. As a result, attackers can perform a series of operations to successfully establish P2P connections that are rejected by the peer end. As a result, the availability of the device is affected.
CVSS Score
4.6
EPSS Score
0.0
Published
2020-08-17
FusionCompute 8.0.0 has a command injection vulnerability. The software does not sufficiently validate certain parameters posted by the user; a successful exploit could allow an authenticated attacker to launch a command injection attack.
CVSS Score
8.8
EPSS Score
0.02
Published
2020-08-17
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored procedure.
CVSS Score
9.8
EPSS Score
0.036
Published
2020-08-17
All versions of package templ8 are vulnerable to Prototype Pollution via the parse function.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-08-17
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e., you could read/write to any location the solr user can access.
CVSS Score
8.8
EPSS Score
0.023
Published
2020-08-17
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.
CVSS Score
6.8
EPSS Score
0.002
Published
2020-08-17
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-08-16
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-08-16
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-08-14