CWE:
 

Tytuł
Data
Autor
Low
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment
28.04.2019
Cisco Talos
High
aws-cfn-bootstrap Local Code Execution
04.12.2017
Harry Sintonen
Med.
SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure
22.08.2016
Multiple
Low
Samsung SNS Provider Application For Android Access Theft
13.03.2015
Sadosky


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2020-05-21
Low
CVE-2020-1084

Vendor: Microsoft
Software: Windows 10
 

 
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123.

 
Medium
CVE-2020-1056

Updating...
 

 
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.

 
Low
CVE-2020-1123

Vendor: Microsoft
Software: Windows 10
 

 
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1084.

 
2020-05-18
Medium
CVE-2019-7247

Vendor: AMD
Software: Overdrive
 

 
An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.

 
Medium
CVE-2019-7246

Vendor: AMD
Software: Atillk64
 

 
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.

 
2020-05-17
Medium
CVE-2020-13125

Vendor: Uaelementor
Software: Ultimate add...
 

 
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

 
2020-05-12
Medium
CVE-2020-8153

Vendor: Nextcloud
Software: Group folders
 

 
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.

 
2020-05-06
Medium
CVE-2020-3312

Vendor: Cisco
Software: Firepower ma...
 

 
A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.

 
2020-04-23
Medium
CVE-2020-4311

Vendor: IBM
Software: Tivoli monit...
 

 
IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083.

 
2020-04-16
Medium
CVE-2019-20693

Updating...
 

 
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top