» 2020 » 3월

CVE-2015-7335

Posted on 2020년 3월 28일2020년 3월 28일 by admin

CVE-2015-7335

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.

Source: CVE-2015-7335

CVE-2015-7336

Posted on 2020년 3월 28일2020년 3월 28일 by admin

CVE-2015-7336

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

Source: CVE-2015-7336

CVE-2015-8534

Posted on 2020년 3월 28일2020년 3월 28일 by admin

CVE-2015-8534

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

Source: CVE-2015-8534

CVE-2015-8535

Posted on 2020년 3월 28일2020년 3월 28일 by admin

CVE-2015-8535

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

Source: CVE-2015-8535

CVE-2015-8536

Posted on 2020년 3월 28일2020년 3월 28일 by admin

CVE-2015-8536

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.

Source: CVE-2015-8536

CVE-2015-7333

Posted on 2020년 3월 28일2020년 3월 28일 by admin

CVE-2015-7333

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.

Source: CVE-2015-7333

CVE-2020-7918

Posted on 2020년 3월 27일2020년 3월 28일 by admin

CVE-2020-7918

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.

Source: CVE-2020-7918

CVE-2020-10607

Posted on 2020년 3월 27일2020년 3월 28일 by admin

CVE-2020-10607

In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

Source: CVE-2020-10607

CVE-2020-1771

Posted on 2020년 3월 27일2020년 3월 27일 by admin

CVE-2020-1771

Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Source: CVE-2020-1771

CVE-2020-1773

Posted on 2020년 3월 27일2020년 3월 27일 by admin

CVE-2020-1773

It’s possible that an authenticated user guess other session IDs based on its own. Also it’s possible to guess a password reset token or an automated password generated. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions.

Source: CVE-2020-1773