CVE-2020-25770

CVE-2020-25770

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities.

The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.

Source: CVE-2020-25770

CVE-2020-24565

CVE-2020-24565

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities.

The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.

Source: CVE-2020-24565

CVE-2020-24564

CVE-2020-24564

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities.

The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770.

Source: CVE-2020-24564

CVE-2020-24563

CVE-2020-24563

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution.

An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability.

Source: CVE-2020-24563

CVE-2020-24562

CVE-2020-24562

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution.

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This CVE is similar, but not identical to CVE-2020-24556.

Source: CVE-2020-24562

CVE-2020-26120

CVE-2020-26120

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery’s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.

Source: CVE-2020-26120

CVE-2020-26121

CVE-2020-26121

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.

Source: CVE-2020-26121

CVE-2020-25814

CVE-2020-25814

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it’s empty, etc.). The actual result is that the object contains an <a href ="javascript… that executes when clicked.

Source: CVE-2020-25814

CVE-2020-25828

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn’t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)

Source: CVE-2020-25828