Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-6265 Use of Hard-coded Credentials vulnerability in SAP Commerce and Commerce Data Hub
SAP Commerce, versions 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions 6.7, 1808, 1811, 1905, allow an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of hard-coded credentials.
network
low complexity
sap CWE-798
7.5
2020-06-09 CVE-2020-13911 Cross-site Scripting vulnerability in Your Online Shop Project Your Online Shop 1.8.0
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation.
3.5
2020-06-09 CVE-2020-13872 Improper Restriction of Excessive Authentication Attempts vulnerability in Royalapps Royal TS
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.
low complexity
royalapps CWE-307
3.3
2020-06-09 CVE-2020-11957 Insufficient Entropy vulnerability in Cypress PSoC 4.2 BLE
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing.
5.4
2020-06-09 CVE-2020-13892 Cross-site Scripting vulnerability in Themeboy Sportspress
The SportsPress plugin before 2.7.2 for WordPress allows XSS.
network
themeboy CWE-79
3.5
2020-06-09 CVE-2020-12004 Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition Gateway
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
network
low complexity
inductiveautomation CWE-306
5.0
2020-06-09 CVE-2020-12000 Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway
The affected product is vulnerable to the handling of serialized data.
network
low complexity
inductiveautomation CWE-502
7.5
2020-06-09 CVE-2020-10644 Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
network
low complexity
inductiveautomation CWE-502
5.0
2020-06-09 CVE-2020-9834 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X
A memory corruption issue was addressed with improved input validation.
network
apple CWE-119
critical
9.3
2020-06-09 CVE-2020-9858 Uncontrolled Search Path Element vulnerability in Apple Windows Migration Assistant
A dynamic library loading issue was addressed with improved path searching.
local
apple CWE-427
4.4