CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2020

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
701 CVE-2020-10286 269 +Priv 2020-07-15 2021-12-21
5.8
None Local Network Low Not required Partial Partial Partial
The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, which gives unrestricted access to sensitive files and encryption, or allows issuing orders that disrupt robot operation.
702 CVE-2020-10285 331 2020-07-15 2021-12-21
7.5
None Remote Low Not required Partial Partial Partial
The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to mitigate or lockout automated attempts to gain access.
703 CVE-2020-10284 2020-07-15 2020-07-23
6.4
None Remote Low Not required None Partial Partial
No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but as of xarm_studio 1.3.0 the option is missing from the menu. Manual control can be assumed, even by forcefully removing the current operator from an active session.
704 CVE-2020-10282 306 2020-07-03 2020-10-23
7.5
None Remote Low Not required Partial Partial Partial
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization), which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of the network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable.
705 CVE-2020-10281 319 2020-07-03 2021-12-21
5.0
None Remote Low Not required Partial None None
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that, by design, does not perform encryption in order to improve transfer (and reception) speed and efficiency. The increasing popularity of the protocol (used across different autopilots) has led to its use in wired and wireless mediums through insecure communication channels, exposing sensitive information to a remote attacker with the ability to intercept network traffic.
706 CVE-2020-10045 294 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
707 CVE-2020-10044 306 2020-07-14 2020-07-15
5.0
None Remote Low Not required None Partial None
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device.
708 CVE-2020-10043 79 XSS 2020-07-14 2020-07-15
4.3
None Remote Medium Not required None Partial None
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.
709 CVE-2020-10042 120 Exec Code Overflow 2020-07-14 2020-07-15
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.
710 CVE-2020-10041 79 XSS 2020-07-14 2020-07-15
4.3
None Remote Medium Not required None Partial None
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A stored Cross-Site-Scripting (XSS) vulnerability is present in different locations of the web application. An attacker might be able to take over a session of a legitimate user.
711 CVE-2020-10040 916 2020-07-14 2020-07-15
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text.
712 CVE-2020-10039 311 +Priv 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data.
713 CVE-2020-10038 306 Exec Code 2020-07-14 2020-07-15
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the device's web server might be able to execute administrative commands without authentication.
714 CVE-2020-10037 125 2020-07-14 2020-07-15
5.0
None Remote Low Not required Partial None None
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). By performing a flooding attack against the web server, an attacker might be able to gain read access to the device's memory, possibly revealing confidential information.
715 CVE-2020-9692 863 Exec Code Bypass 2020-07-29 2021-07-21
8.5
None Remote Medium ??? Complete Complete Complete
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
716 CVE-2020-9691 79 Exec Code XSS 2020-07-29 2020-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
717 CVE-2020-9690 203 Bypass 2020-07-29 2020-07-30
3.5
None Remote Medium ??? None Partial None
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
718 CVE-2020-9689 22 Exec Code Dir. Trav. 2020-07-29 2020-07-30
8.5
None Remote Medium ??? Complete Complete Complete
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
719 CVE-2020-9688 74 Exec Code 2020-07-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Download Manager version 2.0.0.518 has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
720 CVE-2020-9687 787 Exec Code 2020-07-22 2020-07-23
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
721 CVE-2020-9686 125 Exec Code 2020-07-22 2020-07-23
4.3
None Remote Medium Not required Partial None None
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
722 CVE-2020-9685 787 Exec Code 2020-07-22 2020-07-23
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
723 CVE-2020-9684 787 Exec Code 2020-07-22 2020-07-23
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
724 CVE-2020-9683 787 Exec Code 2020-07-22 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
725 CVE-2020-9682 59 2020-07-17 2021-10-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to arbitrary file system write.
726 CVE-2020-9680 787 Exec Code 2020-07-22 2020-07-23
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
727 CVE-2020-9679 125 Exec Code 2020-07-22 2020-07-23
4.3
None Remote Medium Not required Partial None None
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
728 CVE-2020-9678 787 Exec Code 2020-07-22 2020-07-23
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
729 CVE-2020-9677 787 Exec Code 2020-07-22 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
730 CVE-2020-9676 787 Exec Code 2020-07-22 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
731 CVE-2020-9675 125 Exec Code 2020-07-22 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
732 CVE-2020-9674 787 Exec Code 2020-07-22 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
733 CVE-2020-9673 426 2020-07-17 2020-07-22
4.4
None Local Medium Not required Partial Partial Partial
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
734 CVE-2020-9672 426 2020-07-17 2020-07-22
4.4
None Local Medium Not required Partial Partial Partial
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
735 CVE-2020-9671 732 2020-07-17 2021-10-05
7.5
None Remote Low Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
736 CVE-2020-9670 59 2020-07-17 2020-07-22
7.5
None Remote Low Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to privilege escalation.
737 CVE-2020-9669 269 2020-07-17 2020-07-21
7.5
None Remote Low Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation.
738 CVE-2020-9665 79 XSS 2020-07-22 2020-07-24
4.3
None Remote Medium Not required None Partial None
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
739 CVE-2020-9664 94 Exec Code 2020-07-22 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution.
740 CVE-2020-9663 22 Dir. Trav. 2020-07-22 2020-07-23
5.0
None Remote Low Not required Partial None None
Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure.
741 CVE-2020-9650 787 Exec Code 2020-07-17 2020-07-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
742 CVE-2020-9649 125 2020-07-17 2020-07-22
4.3
None Remote Medium Not required Partial None None
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
743 CVE-2020-9646 787 Exec Code 2020-07-17 2020-07-22
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
744 CVE-2020-9498 119 Exec Code Overflow Mem. Corr. 2020-07-02 2021-07-21
6.2
None Local High Not required Complete Complete Complete
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.
745 CVE-2020-9497 200 +Info 2020-07-02 2021-07-21
1.2
None Local High Not required Partial None None
Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.
746 CVE-2020-9496 79 XSS 2020-07-15 2022-04-05
4.3
None Remote Medium Not required None Partial None
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.
747 CVE-2020-9485 79 XSS 2020-07-17 2020-07-21
4.3
None Remote Medium Not required None Partial None
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI.
748 CVE-2020-9395 120 Overflow 2020-07-06 2021-07-21
4.9
None Local Network Medium ??? Partial Partial Partial
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer.
749 CVE-2020-9377 94 Exec Code 2020-07-09 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
750 CVE-2020-9376 200 +Info 2020-07-09 2021-07-21
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Total number of vulnerabilities: 1418. Page 15 of 29.