CVE-2020-7521
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in SFAPV9601 – APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.
Source: CVE-2020-7521
CVE-2020-7526
Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event.
Source: CVE-2020-7526
CVE-2020-7527
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.
Source: CVE-2020-7527
CVE-2020-7524
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.
Source: CVE-2020-7524
CVE-2020-7525
Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.
Source: CVE-2020-7525
CVE-2020-20627
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.
Source: CVE-2020-20627
CVE-2020-20626
lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.
Source: CVE-2020-20626
CVE-2020-20625
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
Source: CVE-2020-20625
CVE-2020-24363
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
Source: CVE-2020-24363
CVE-2020-24699
The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS.
Source: CVE-2020-24699