Showing topic results for "CVE-2020-1571":

(1-10 of 11)

Attacker Value
High

CVE-2020-1571

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Setup Elevation of Privilege Vulnerability'.
Attack Vector: Local; Privileges: Low; User Interaction: None
Attacker Value
Unknown

CVE-2020-15714

Disclosure Date: July 28, 2020 (last updated July 29, 2020)
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Attack Vector: Network; Privileges: Low; User Interaction: None
Attacker Value
Unknown

CVE-2020-15712

Disclosure Date: July 28, 2020 (last updated July 29, 2020)
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.
Attack Vector: Network; Privileges: Low; User Interaction: None
Attacker Value
Unknown

CVE-2020-15715

Disclosure Date: July 28, 2020 (last updated July 29, 2020)
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.
Attack Vector: Network; Privileges: Low; User Interaction: None
Attacker Value
Unknown

CVE-2020-15713

Disclosure Date: July 28, 2020 (last updated July 29, 2020)
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Attack Vector: Network; Privileges: Low; User Interaction: None
Attacker Value
Unknown

CVE-2020-15718

Disclosure Date: July 15, 2020 (last updated July 23, 2020)
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
Attack Vector: Network; Privileges: None; User Interaction: Required
Attacker Value
Unknown

CVE-2020-15716

Disclosure Date: July 15, 2020 (last updated July 23, 2020)
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
Attack Vector: Network; Privileges: None; User Interaction: Required
Attacker Value
Unknown

CVE-2020-15717

Disclosure Date: July 15, 2020 (last updated July 23, 2020)
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
Attack Vector: Network; Privileges: None; User Interaction: Required
Attacker Value
Unknown

CVE-2020-15719

Disclosure Date: July 14, 2020 (last updated September 19, 2020)
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Attack Vector: Network; Privileges: None; User Interaction: Required
Attacker Value
Unknown

CVE-2020-15711

Disclosure Date: July 14, 2020 (last updated July 16, 2020)
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
Attack Vector: Network; Privileges: None; User Interaction: Required