Security Vulnerabilities - CVEs Published In 2020
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user-supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2020-12-14
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using the X-Forwarded-For header by supplying a localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2020-12-14
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon".
CVSS Score: 9.8
EPSS Score: 0.708
Published: 2020-12-14
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2020-12-14
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2020-12-14
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-12-14
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
CVSS Score: 7.2
EPSS Score: 0.003
Published: 2020-12-14
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.
CVSS Score: 9.8
EPSS Score: 0.017
Published: 2020-12-14
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
CVSS Score: 9.8
EPSS Score: 0.017
Published: 2020-12-14
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2020-12-14

