CVE-2020-8893

An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.

Source: CVE-2020-8893

CVE-2020-8892

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.

Source: CVE-2020-8892

CVE-2020-0792

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0715, CVE-2020-0745.

Source: CVE-2020-0792

CVE-2020-0767

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713.

Source: CVE-2020-0767

CVE-2020-0759

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’.

Source: CVE-2020-0759

CVE-2020-0757

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka ‘Windows SSH Elevation of Privilege Vulnerability’.

Source: CVE-2020-0757

CVE-2020-0756

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755.

Source: CVE-2020-0756

CVE-2020-0750

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749.

Source: CVE-2020-0750

CVE-2020-0753

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0754.

Source: CVE-2020-0753

CVE-2020-0749

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka ‘Connected Devices Platform Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0750.

Source: CVE-2020-0749