An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka ‘Windows Registry Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1377. Date published :...
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka ‘Windows Registry Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1378. Date published :...
A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka ‘Windows Media Remote Code Execution Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka ‘Windows Print Spooler Elevation of Privilege Vulnerability’. Date published : 2020-08-17 http://packetstormsecurity.com/files/160028/Microsoft-Windows-Local-Spooler-Bypass.html http://packetstormsecurity.com/files/160993/Microsoft-Spooler-Local-Privilege-Elevation.html
Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user’s active session if the user is exposed to a malicious payload. Date published...
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only...
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server....
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can’t be parsed. Date published : 2020-08-17 https://www.playframework.com/security/vulnerability https://www.playframework.com/security/vulnerability/CVE-2020-12480-CsrfBlacklistBypass
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka ‘Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability’. Date published : 2020-08-17...
A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka ‘.NET Framework Remote Code Execution Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka ‘Visual Studio Code Remote Code Execution Vulnerability’. Date published : 2020-08-17 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0604
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. Date published : 2020-08-16 https://security.dxw.com/advisories/csrfstored-xss-in-quiz-and-survey-master-formerly-quiz-master-next-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. Date published : 2020-08-15 https://security.gentoo.org/glsa/202007-63 http://www.snmptt.org/changelog.shtml
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. Date published : 2020-08-14 https://github.com/textpattern/textpattern/blob/f94c3fb9916ee0c7fa4a52025fa4e8c3273e355b/HISTORY.txt https://github.com/textpattern/textpattern/commit/1c09094187b9aeb18f09697bc7d1db12d078ae10