CVE-2020-8838
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.
Source: CVE-2020-8838
CVE-2019-19034
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.
Source: CVE-2019-19034
CVE-2020-9392
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
Source: CVE-2020-9392
CVE-2020-9760
An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick.
Source: CVE-2020-9760
CVE-2020-6424
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: CVE-2020-6424
CVE-2020-7935
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.
Source: CVE-2020-7935
CVE-2020-6425
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
Source: CVE-2020-6425
CVE-2020-9759
An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash.
Source: CVE-2020-9759
CVE-2020-8511
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
Source: CVE-2020-8511
CVE-2020-6422
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: CVE-2020-6422