Monthly Archive: August 2020

CVE-2020-7527

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer...

CVE-2020-7525

Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used....

CVE-2020-7524

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to...

CVE-2020-7523

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not...

CVE-2020-7522

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in SFAPV9601 – APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead...

CVE-2020-7521

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in SFAPV9601 – APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead...

CVE-2020-5419

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access...

CVE-2020-4492

IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with...

CVE-2020-25065

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG...

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August...

CVE-2020-25063

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018...

CVE-2020-25062

An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020). Date published : 2020-08-31...