Security Vulnerabilities - CVEs Published In August 2020
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVSS Score
5.5
EPSS Score
0.006
Published
2020-08-13
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
CVSS Score
6.7
EPSS Score
0.001
Published
2020-08-12
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-08-12
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
CVSS Score
6.1
EPSS Score
0.038
Published
2020-08-12
PHP-Fusion 9.03 allows XSS via the error_log file.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-12
PHP-Fusion 9.03 allows XSS on the preview page.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-08-12
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages.
CVSS Score
4.6
EPSS Score
0.001
Published
2020-08-12
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
CVSS Score
4.1
EPSS Score
0.004
Published
2020-08-12
A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information
CVSS Score
9.8
EPSS Score
0.732
Published
2020-08-12
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information
CVSS Score
7.5
EPSS Score
0.747
Published
2020-08-12