» 2020 » 11월

CVE-2020-12346

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-12346

Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

Source: CVE-2020-12346

CVE-2020-24525

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-24525

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Source: CVE-2020-24525

CVE-2020-12350

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-12350

Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access.

Source: CVE-2020-12350

CVE-2020-16273

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-16273

In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension.

Source: CVE-2020-16273

CVE-2020-12349

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-12349

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

Source: CVE-2020-12349

CVE-2020-12345

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-12345

Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Source: CVE-2020-12345

CVE-2020-26804

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-26804

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.

Source: CVE-2020-26804

CVE-2020-26803

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-26803

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.

Source: CVE-2020-26803

CVE-2020-12347

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-12347

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

Source: CVE-2020-12347

CVE-2020-24460

Posted on 2020년 11월 13일2020년 11월 13일 by admin

CVE-2020-24460

Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access.

Source: CVE-2020-24460