CVE-2020-8468

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

Source: CVE-2020-8468

CVE-2019-20510

rlm_eap/types/rlm_eap_pwd/eap_pwd.c in the EAP-pwd implementation in FreeRADIUS before 3.0.20 allows remote attackers to discover passwords because there is a side-channel information leak associated with the Hunting and Pecking abort for excessive iterations.

Source: CVE-2019-20510

CVE-2019-11939

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

Source: CVE-2019-11939

CVE-2020-8467

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.

Source: CVE-2020-8467

CVE-2020-3950

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

Source: CVE-2020-3950

CVE-2020-3951

VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.

Source: CVE-2020-3951

CVE-2020-1720

A flaw was found in PostgreSQL’s "ALTER … DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

Source: CVE-2020-1720

CVE-2020-10122

cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).

Source: CVE-2020-10122

CVE-2020-10121

cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).

Source: CVE-2020-10121

CVE-2020-10120

cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).

Source: CVE-2020-10120