Security Vulnerabilities - CVEs Published In October 2020
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-10-27
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.004
Published
2020-10-27
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-10-27
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-10-27
An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-10-27
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVSS Score
7.5
EPSS Score
0.069
Published
2020-10-27
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-10-27
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-10-27
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.
CVSS Score
3.8
EPSS Score
0.063
Published
2020-10-27
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVSS Score
7.2
EPSS Score
0.066
Published
2020-10-27