Security Vulnerabilities (CVEs) Published in February 2020, CVSS score >= 6

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
Max CVSS: 6.1 | EPSS Score: 0.19% | Published: 2020-02-28 | Updated: 2021-07-21

CVE-2020-9465 (Public exploit)
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the user_id field in a cookie.
Max CVSS: 9.8 | EPSS Score: 0.16% | Published: 2020-02-28 | Updated: 2021-02-23

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Max CVSS: 9.0 | EPSS Score: 76.26% | Published: 2020-02-28 | Updated: 2020-03-03

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
Max CVSS: 8.8 | EPSS Score: 0.10% | Published: 2020-02-28 | Updated: 2020-03-04

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. A user can upload a file whose filename contains JavaScript code, which results in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities such as phishing or drive-by hacking.
Max CVSS: 6.1 | EPSS Score: 0.13% | Published: 2020-02-28 | Updated: 2021-12-21

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2020-02-28 | Updated: 2020-03-03

openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Max CVSS: 9.1 | EPSS Score: 0.11% | Published: 2020-02-27 | Updated: 2020-02-28

openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Max CVSS: 9.1 | EPSS Score: 0.11% | Published: 2020-02-27 | Updated: 2020-02-28

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Max CVSS: 9.1 | EPSS Score: 0.11% | Published: 2020-02-27 | Updated: 2020-02-28

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
Max CVSS: 7.5 | EPSS Score: 0.47% | Published: 2020-02-27 | Updated: 2021-07-21

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
Max CVSS: 7.5 | EPSS Score: 0.71% | Published: 2020-02-27 | Updated: 2021-02-09

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
Max CVSS: 7.5 | EPSS Score: 0.36% | Published: 2020-02-27 | Updated: 2021-12-30

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
Max CVSS: 7.5 | EPSS Score: 0.28% | Published: 2020-02-27 | Updated: 2021-07-21

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
Max CVSS: 9.8 | EPSS Score: 2.20% | Published: 2020-02-26 | Updated: 2023-09-28

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2020-02-26 | Updated: 2023-09-28

ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_allowed=sites option is manually enabled, allows SQL Injection.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2020-02-25 | Updated: 2020-03-03

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2020-02-25 | Updated: 2020-02-26

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
Max CVSS: 7.2 | EPSS Score: 0.08% | Published: 2020-02-25 | Updated: 2020-02-26

A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2020-02-25 | Updated: 2020-02-26

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
Max CVSS: 7.1 | EPSS Score: 0.05% | Published: 2020-02-25 | Updated: 2022-10-29

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
Max CVSS: 7.5 | EPSS Score: 0.41% | Published: 2020-02-24 | Updated: 2022-07-12

The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2020-02-25 | Updated: 2021-07-21

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.
Max CVSS: 9.8 | EPSS Score: 13.41% | Published: 2020-02-24 | Updated: 2022-01-01

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Max CVSS: 7.5 | EPSS Score: 2.63% | Published: 2020-02-24 | Updated: 2022-01-01

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
Max CVSS: 9.8 | EPSS Score: 0.43% | Published: 2020-02-24 | Updated: 2022-01-01