Monthly Archive: September 2020

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in...

A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (–check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to...

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the...

In Xiaomi router R3600 ROM version

Memory overflow in Xiaomi AI speaker Rom version

An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159. Date published : 2020-09-11 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1376

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique...

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1218. Date...

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1193,...

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1193,...

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1129....

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1053. Date published : 2020-09-11 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1308

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1169. Date published : 2020-09-11 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1303

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. Date published : 2020-09-11 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1285