Security Vulnerabilities - CVEs Published In 2020
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
CVSS Score: 7.5 | EPSS Score: 0.017 | Published: 2020-12-21
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.
CVSS Score: 9.8 | EPSS Score: 0.018 | Published: 2020-12-21
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
CVSS Score: 9.8 | EPSS Score: 0.048 | Published: 2020-12-21
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
CVSS Score: 8.8 | EPSS Score: 0.817 | Published: 2020-12-21
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2020-12-21
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
CVSS Score: 9.8 | EPSS Score: 0.11 | Published: 2020-12-21
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2020-12-21
IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cause a denial of service due to improper authorization checking. IBM X-Force ID: 189445.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2020-12-21
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044.
CVSS Score: 7.4 | EPSS Score: 0.002 | Published: 2020-12-21
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2020-12-21

