Security Vulnerabilities - CVEs Published In March 2020
The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-03-16
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-03-16
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-03-16
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-03-16
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.
CVSS Score
7.2
EPSS Score
0.738
Published
2020-03-16
CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.935
Published
2020-03-16
CVE-2020-5849
Unraid 6.8.0 allows authentication bypass.
Known exploited
CVSS Score
7.5
EPSS Score
0.938
Published
2020-03-16
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
CVSS Score
7.3
EPSS Score
0.002
Published
2020-03-16
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
CVSS Score
7.5
EPSS Score
0.016
Published
2020-03-16
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
CVSS Score
3.9
EPSS Score
0.002
Published
2020-03-16