Security Vulnerabilities - CVEs Published In March 2020
Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html
CVSS Score
6.7
EPSS Score
0.001
Published
2020-03-12
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-03-12
yidashi yii2cmf 2.0 has XSS via the /search q parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-03-12
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-03-12
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-03-12
Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-12
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
CVSS Score
7.2
EPSS Score
0.005
Published
2020-03-12
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-03-12
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-03-12
NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-03-12