CVE-2020-6081
An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
Source: CVE-2020-6081
CVE-2020-5895
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket.
Source: CVE-2020-5895
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
Source: CVE-2020-5894
CVE-2019-18867
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.
Source: CVE-2019-18867
CVE-2018-5493
ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS).
Source: CVE-2018-5493
CVE-2019-18868
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.
Source: CVE-2019-18868
CVE-2019-18865
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.
Source: CVE-2019-18865
CVE-2020-12696
The iframe plugin before 4.5 for WordPress does not sanitize a URL.
Source: CVE-2020-12696
CVE-2020-12691
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Source: CVE-2020-12691
CVE-2020-12692
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn’t have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
Source: CVE-2020-12692