CVE-2020-11957

The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.

Source: CVE-2020-11957

CVE-2020-13872

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.

Source: CVE-2020-13872

CVE-2020-13892

The SportsPress plugin before 2.7.2 for WordPress allows XSS.

Source: CVE-2020-13892

CVE-2020-12004

The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information.

Source: CVE-2020-12004

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information.

Source: CVE-2020-10644

CVE-2020-12000

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information.

Source: CVE-2020-12000

CVE-2020-9858

A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution.

Source: CVE-2020-9858

CVE-2020-9856

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.

Source: CVE-2020-9856

CVE-2020-9855

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.

Source: CVE-2020-9855

CVE-2020-9851

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.

Source: CVE-2020-9851