Security Vulnerabilities - CVEs Published In March 2020
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.039
Published
2020-03-13
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.
CVSS Score
8.8
EPSS Score
0.022
Published
2020-03-13
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-03-13
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-03-13
Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-03-13
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-03-13
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.015
Published
2020-03-13
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-03-13
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-13