Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10683PUBLISHED: 2020-05-01
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CVE-2019-4209PUBLISHED: 2020-05-01
HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.
CVE-2020-7351PUBLISHED: 2020-05-01
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since...
CVE-2020-12117PUBLISHED: 2020-05-01
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.
CVE-2020-12474PUBLISHED: 2020-05-01
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.