A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1557, CVE-2020-1558, CVE-2020-1564....
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’. Date published...
An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Work Folders...
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka ‘Windows Hard Link Elevation of Privilege Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1467
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Gateway (RD...
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka ‘Windows Spoofing Vulnerability’. Date published : 2020-08-17 https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/
An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation, aka ‘Windows ARM Information Disclosure Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1459
A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka ‘Microsoft SQL Server Management Studio Denial of Service Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1486, CVE-2020-1566. Date published...
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not...
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. Date published : 2020-08-17 https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka ‘Windows RRAS Service Information Disclosure Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1383
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570....
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554. Date published :...