Security Vulnerabilities - CVEs Published In October 2020
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
CVSS Score
9.6
EPSS Score
0.001
Published
2020-10-09
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
CVSS Score
9.6
EPSS Score
0.001
Published
2020-10-09
NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.
CVSS Score
9.6
EPSS Score
0.001
Published
2020-10-09
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
CVSS Score
9.6
EPSS Score
0.002
Published
2020-10-09
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
CVSS Score
9.6
EPSS Score
0.001
Published
2020-10-09
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-10-09
A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-10-09
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-10-09
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
CVSS Score
4.6
EPSS Score
0.001
Published
2020-10-09
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-10-08