CVE-2020-7804
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
Source: CVE-2020-7804
[월:] 2020년 04월
CVE-2020-12446
CVE-2020-12446
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITYSYSTEM.
Source: CVE-2020-12446
CVE-2020-12252
CVE-2020-12252
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter.
Source: CVE-2020-12252
CVE-2020-11675
CVE-2020-11675
Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).
Source: CVE-2020-11675
CVE-2020-11677
CVE-2020-11677
Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).
Source: CVE-2020-11677
CVE-2020-12251
CVE-2020-12251
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.
Source: CVE-2020-12251
CVE-2020-11676
CVE-2020-11676
Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).
Source: CVE-2020-11676
CVE-2020-11674
CVE-2020-11674
Cerner medico 26.00 allows variable reuse, possibly causing data corruption.
Source: CVE-2020-11674
CVE-2020-11446
CVE-2020-11446
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
Source: CVE-2020-11446
CVE-2019-4288
CVE-2019-4288
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631.
Source: CVE-2019-4288