Security Vulnerabilities - CVEs Published In 2020
Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.
CVSS Score: 7.4
EPSS Score: 0.002
Published: 2020-12-14
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise.
CVSS Score: 8.8
EPSS Score: 0.106
Published: 2020-12-14
An issue was discovered in the LogMeIn LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary PIN. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices.
CVSS Score: 5.7
EPSS Score: 0.0
Published: 2020-12-12
An issue was discovered in the LogMeIn LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices.
CVSS Score: 5.7
EPSS Score: 0.0
Published: 2020-12-12
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
CVSS Score: 6.1
EPSS Score: 0.009
Published: 2020-12-12
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-12-12
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-12-12
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-12-12
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
CVSS Score: 9.8
EPSS Score: 0.056
Published: 2020-12-12
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2020-12-12

