Security Vulnerabilities - CVEs Published In August 2020
HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-08-21
FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-08-21
An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-08-21
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
CVSS Score
5.3
EPSS Score
0.032
Published
2020-08-21
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session.
CVSS Score
7.1
EPSS Score
0.0
Published
2020-08-21
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-08-21
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
CVSS Score
2.1
EPSS Score
0.001
Published
2020-08-21
When an actor claims to have a given identity,
Philips SureSigns VS4, A.07.107 and prior
does not prove or insufficiently proves the claim is correct.
CVSS Score
4.9
EPSS Score
0.002
Published
2020-08-21
Philips SureSigns VS4, A.07.107 and prior
does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-08-21
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.
CVSS Score
8.1
EPSS Score
0.005
Published
2020-08-21