Security Vulnerabilities Published In June 2020
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.
Max Base Score
9.8
Published
2020-06-30
Updated
2020-07-02
EPSS
7.83%
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
Max Base Score
4.3
Published
2020-06-30
Updated
2021-07-21
EPSS
0.05%
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
Max Base Score
9.8
Published
2020-06-30
Updated
2021-07-21
EPSS
0.22%
IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.
Max Base Score
4.4
Published
2020-06-30
Updated
2020-07-07
EPSS
0.04%
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
Max Base Score
4.3
Published
2020-06-30
Updated
2021-07-21
EPSS
0.05%
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
Max Base Score
7.8
Published
2020-06-30
Updated
2022-07-12
EPSS
0.11%
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
Max Base Score
7.8
Published
2020-06-30
Updated
2022-04-28
EPSS
0.04%
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).
Max Base Score
7.8
Published
2020-06-30
Updated
2022-11-16
EPSS
0.17%
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
Max Base Score
5.5
Published
2020-06-29
Updated
2022-04-28
EPSS
0.05%
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
Max Base Score
6.5
Published
2020-06-29
Updated
2022-10-06
EPSS
1.29%
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
Max Base Score
5.5
Published
2020-06-29
Updated
2020-07-09
EPSS
0.04%
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Max Base Score
6.5
Published
2020-06-28
Updated
2020-07-06
EPSS
0.13%
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
Max Base Score
6.1
Published
2020-06-28
Updated
2022-07-17
EPSS
0.29%
The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.
Max Base Score
9.8
Published
2020-06-28
Updated
2022-07-17
EPSS
3.71%
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
Max Base Score
9.8
Published
2020-06-29
Updated
2021-07-21
EPSS
1.02%
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
Max Base Score
7.8
Published
2020-06-27
Updated
2022-07-12
EPSS
0.04%
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Max Base Score
5.5
Published
2020-06-27
Updated
2022-05-12
EPSS
0.08%
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
Max Base Score
7.8
Published
2020-06-26
Updated
2020-07-06
EPSS
0.04%
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
Max Base Score
10.0
Published
2020-06-26
Updated
2021-07-21
EPSS
5.91%
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
Max Base Score
7.5
Published
2020-06-26
Updated
2022-07-17
EPSS
0.09%
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
Max Base Score
7.5
Published
2020-06-26
Updated
2022-07-17
EPSS
0.09%
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
Max Base Score
9.8
Published
2020-06-29
Updated
2020-07-06
EPSS
0.36%
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
Max Base Score
9.8
Published
2020-06-29
Updated
2020-07-06
EPSS
0.36%
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
Max Base Score
9.8
Published
2020-06-29
Updated
2020-07-06
EPSS
0.36%
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
Max Base Score
9.8
Published
2020-06-29
Updated
2020-07-06
EPSS
0.36%