Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2020
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-08-31
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
CVSS Score
5.0
EPSS Score
0.001
Published
2020-08-31
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-08-31
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-08-31
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
CVSS Score
3.8
EPSS Score
0.0
Published
2020-08-31
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-31
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-08-31
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-31
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-08-31


Contact Us

Shodan ® - All rights reserved