** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Disclosure Date: March 07, 2019 (last updated June 15, 2020)
Webmin 1.900 allows authenticated users with "Upload and Download" module access to upload cgi files to a webroot subdirectory and the uploaded files can be executed by sending requests to the web server.
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
Disclosure Date: June 09, 2020 (last updated June 15, 2020)
A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.
Disclosure Date: April 27, 2020 (last updated June 05, 2020)
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)