Security Vulnerabilities - CVEs Published In 2020
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170372514
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-14
There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-170367562
CVSS Score
9.8
EPSS Score
0.002
Published
2020-12-14
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-160265164
CVSS Score
7.8
EPSS Score
0.004
Published
2020-12-14
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a userĀ“s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.
CVSS Score
7.3
EPSS Score
0.002
Published
2020-12-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-12-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files.
CVSS Score
7.7
EPSS Score
0.001
Published
2020-12-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-14
A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-12-14
SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-14
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-14