Security Vulnerabilities - CVEs Published In 2020
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets over the network without authentication.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-12-14
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-12-14
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-12-14
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-14
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-12-14
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-14
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVSS Score
7.5
EPSS Score
0.001
Published
2020-12-14
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-12-14
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-12-14
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-14