CVE-2020-8601
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.
Source: CVE-2020-8601
[월:] 2020년 02월
CVE-2019-14688
CVE-2019-14688
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
Source: CVE-2019-14688
CVE-2019-19694
CVE-2019-19694
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product’s malware protection functions or the entire product completely..
Source: CVE-2019-19694
CVE-2020-8960
CVE-2020-8960
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.
Source: CVE-2020-8960
CVE-2020-9320
CVE-2020-9320
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK.
Source: CVE-2020-9320
CVE-2020-8990
CVE-2020-8990
Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.
Source: CVE-2020-8990
CVE-2020-9015
CVE-2020-9015
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices allow attackers to bypass intended TACACS+ shell restrictions via a | character.
Source: CVE-2020-9015
CVE-2020-9003
CVE-2020-9003
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
Source: CVE-2020-9003
CVE-2019-16297
CVE-2019-16297
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
Source: CVE-2019-16297
CVE-2019-16302
CVE-2019-16302
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
Source: CVE-2019-16302