# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
701 | CVE-2020-10286 | 269 | | +Priv | 2020-07-15 | 2021-12-21 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, which gives unrestricted access to sensitive files and encryption, or allows issuing orders that disrupt robot operation. |
702 | CVE-2020-10285 | 331 | | | 2020-07-15 | 2021-12-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access. |
703 | CVE-2020-10284 | | | | 2020-07-15 | 2020-07-23 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but as of xarm_studio 1.3.0 the option is missing from the menu. This allows assuming manual control, even by forcefully removing the current operator from an active session. |
704 | CVE-2020-10282 | 306 | | | 2020-07-03 | 2020-10-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism (nor authorization) in its version 1.0, which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing, which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key to all devices on the network. If not the case, this may cause a security issue: if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable. |
705 | CVE-2020-10281 | 319 | | | 2020-07-03 | 2021-12-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information, provided the attacker has access to the communication medium. MAVLink is a header-based protocol that, by design, does not perform encryption in order to improve transfer (and reception) speed and efficiency. The increasing popularity of the protocol (used across different autopilots) has led to its use in wired and wireless mediums through insecure communication channels, exposing sensitive information to a remote attacker with the ability to intercept network traffic. |
706 | CVE-2020-10045 | 294 | | | 2020-07-14 | 2020-07-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. |
707 | CVE-2020-10044 | 306 | | | 2020-07-14 | 2020-07-15 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device. |
708 | CVE-2020-10043 | 79 | | XSS | 2020-07-14 | 2020-07-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. |
709 | CVE-2020-10042 | 120 | | Exec Code Overflow | 2020-07-14 | 2020-07-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network. |
710 | CVE-2020-10041 | 79 | | XSS | 2020-07-14 | 2020-07-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A stored Cross-Site-Scripting (XSS) vulnerability is present in different locations of the web application. An attacker might be able to take over a session of a legitimate user. |
711 | CVE-2020-10040 | 916 | | | 2020-07-14 | 2020-07-15 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text. |
712 | CVE-2020-10039 | 311 | | +Priv | 2020-07-14 | 2020-07-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data. |
713 | CVE-2020-10038 | 306 | | Exec Code | 2020-07-14 | 2020-07-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the device's web server might be able to execute administrative commands without authentication. |
714 | CVE-2020-10037 | 125 | | | 2020-07-14 | 2020-07-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). By performing a flooding attack against the web server, an attacker might be able to gain read access to the device's memory, possibly revealing confidential information. |
715 | CVE-2020-9692 | 863 | | Exec Code Bypass | 2020-07-29 | 2021-07-21 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. |
716 | CVE-2020-9691 | 79 | | Exec Code XSS | 2020-07-29 | 2020-07-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution. |
717 | CVE-2020-9690 | 203 | | Bypass | 2020-07-29 | 2020-07-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. |
718 | CVE-2020-9689 | 22 | | Exec Code Dir. Trav. | 2020-07-29 | 2020-07-30 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. |
719 | CVE-2020-9688 | 74 | | Exec Code | 2020-07-17 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Adobe Download Manager version 2.0.0.518 has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
720 | CVE-2020-9687 | 787 | | Exec Code | 2020-07-22 | 2020-07-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
721 | CVE-2020-9686 | 125 | | Exec Code | 2020-07-22 | 2020-07-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
722 | CVE-2020-9685 | 787 | | Exec Code | 2020-07-22 | 2020-07-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
723 | CVE-2020-9684 | 787 | | Exec Code | 2020-07-22 | 2020-07-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
724 | CVE-2020-9683 | 787 | | Exec Code | 2020-07-22 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
725 | CVE-2020-9682 | 59 | | | 2020-07-17 | 2021-10-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to arbitrary file system write. |
726 | CVE-2020-9680 | 787 | | Exec Code | 2020-07-22 | 2020-07-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
727 | CVE-2020-9679 | 125 | | Exec Code | 2020-07-22 | 2020-07-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
728 | CVE-2020-9678 | 787 | | Exec Code | 2020-07-22 | 2020-07-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
729 | CVE-2020-9677 | 787 | | Exec Code | 2020-07-22 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
730 | CVE-2020-9676 | 787 | | Exec Code | 2020-07-22 | 2022-03-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
731 | CVE-2020-9675 | 125 | | Exec Code | 2020-07-22 | 2022-03-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
732 | CVE-2020-9674 | 787 | | Exec Code | 2020-07-22 | 2022-03-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
733 | CVE-2020-9673 | 426 | | | 2020-07-17 | 2020-07-22 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. |
734 | CVE-2020-9672 | 426 | | | 2020-07-17 | 2020-07-22 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. |
735 | CVE-2020-9671 | 732 | | | 2020-07-17 | 2021-10-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. |
736 | CVE-2020-9670 | 59 | | | 2020-07-17 | 2020-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to privilege escalation. |
737 | CVE-2020-9669 | 269 | | | 2020-07-17 | 2020-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation. |
738 | CVE-2020-9665 | 79 | | XSS | 2020-07-22 | 2020-07-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
739 | CVE-2020-9664 | 94 | | Exec Code | 2020-07-22 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
740 | CVE-2020-9663 | 22 | | Dir. Trav. | 2020-07-22 | 2020-07-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. |
741 | CVE-2020-9650 | 787 | | Exec Code | 2020-07-17 | 2020-07-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
742 | CVE-2020-9649 | 125 | | | 2020-07-17 | 2020-07-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
743 | CVE-2020-9646 | 787 | | Exec Code | 2020-07-17 | 2020-07-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
744 | CVE-2020-9498 | 119 | | Exec Code Overflow Mem. Corr. | 2020-07-02 | 2021-07-21 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. |
745 | CVE-2020-9497 | 200 | | +Info | 2020-07-02 | 2021-07-21 | 1.2 | None | Local | High | Not required | Partial | None | None |
Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection. |
746 | CVE-2020-9496 | 79 | | XSS | 2020-07-15 | 2022-04-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03. |
747 | CVE-2020-9485 | 79 | | XSS | 2020-07-17 | 2020-07-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
748 | CVE-2020-9395 | 120 | | Overflow | 2020-07-06 | 2021-07-21 | 4.9 | None | Local Network | Medium | ??? | Partial | Partial | Partial |
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. |
749 | CVE-2020-9377 | 94 | | Exec Code | 2020-07-09 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
750 | CVE-2020-9376 | 200 | | +Info | 2020-07-09 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |