Monthly Archive: December 2020

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero...

This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and...

This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later. Date published : 2020-12-09 https://www.qnap.com/en/security-advisory/qsa-20-14

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and...

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Date published : 2020-12-09 https://github.com/peacexie/imcat/issues/4

A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user...

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software’s internal program directory that prevents the Cortex XDR Agent from starting....

Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying and invalid fragmentation offset value specified in the IP...

Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including...

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability Date published : 2020-12-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17159

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17152. Date published : 2020-12-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17158

Visual Studio Remote Code Execution Vulnerability Date published : 2020-12-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156

Microsoft Edge for Android Spoofing Vulnerability Date published : 2020-12-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17153

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17158. Date published : 2020-12-09 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17152