Show filters
538 topics marked with the following tags:
Displaying 11-20 of 538
Sort by:
Attacker Value
Low
CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability
Last updated June 09, 2020
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.
The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
1
Attacker Value
High
VU#498544 ZyXEL pre-authentication command injection in weblogin.cgi
Last updated February 26, 2020
" Multiple ZyXEL devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.
Multiple ZyXEL devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, many ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges.
Exploit code for this vulnerability that targets NAS devices is available on the internet. "
1
Attacker Value
Low
CVE-2020-0543 CROSSTALK
Disclosure Date: June 15, 2020 (last updated November 28, 2024)
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1
Attacker Value
Very Low
Intel CPU Memory Mapping Local Information Leak: 'Spoiler'
Disclosure Date: April 17, 2019 (last updated November 27, 2024)
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
0
Attacker Value
High
CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability
Disclosure Date: June 09, 2020 (last updated November 28, 2024)
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
1
Attacker Value
Very Low
CVE-2019-9169
Disclosure Date: February 26, 2019 (last updated November 08, 2023)
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
0
Attacker Value
Moderate
CVE-2020-8091
Disclosure Date: January 27, 2020 (last updated November 27, 2024)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
1
Attacker Value
Very High
CVE-2020-15506
Disclosure Date: July 07, 2020 (last updated November 28, 2024)
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
1
Attacker Value
Moderate
CVE-2020-10740
Disclosure Date: June 22, 2020 (last updated November 08, 2023)
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
1
Attacker Value
Very High
CVE-2020-16875
Disclosure Date: September 11, 2020 (last updated January 01, 2024)
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p>
<p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
4