Security Vulnerabilities - CVEs Published In June 2020
IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179160.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-11
Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-11
Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-06-11
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
CVSS Score
8.8
EPSS Score
0.94
Published
2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
CVSS Score
7.2
EPSS Score
0.311
Published
2020-06-11
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-11
Artica Pandora FMS 7.44 allows privilege escalation.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
CVSS Score
7.2
EPSS Score
0.311
Published
2020-06-11
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-06-11
An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account.
CVSS Score
7.2
EPSS Score
0.02
Published
2020-06-11