Security Vulnerabilities
- CVEs Published In September 2020
RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to be downloaded due to a lack of validation. Vulnerabilities in downloading with the KUpload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier.
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which, when successfully exploited, could lead to addition or modification of data or disclosure of sensitive information.
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system.
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 and prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe.
A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe terminates as a result.
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.