Security Vulnerabilities - CVEs Published In July 2020
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler).
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2020-07-07
The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-07-07
The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-07-07
The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2020-07-07
The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-07-07
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2020-07-07
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421.
CVSS Score: 6.1 | EPSS Score: 0.033 | Published: 2020-07-07
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.
CVSS Score: 7.5 | EPSS Score: 0.029 | Published: 2020-07-07
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
CVSS Score: 6.1 | EPSS Score: 0.033 | Published: 2020-07-07
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.
CVSS Score: 7.5 | EPSS Score: 0.029 | Published: 2020-07-07

