Security Vulnerabilities - CVEs Published In September 2020
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-09-03
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-09-03
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-09-03
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-09-03
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-09-03
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-09-03
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-09-03
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-09-03
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-09-03
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
CVSS Score
7.5
EPSS Score
0.514
Published
2020-09-03