» 2020 » 11월

Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.

Source: CVE-2020-24367

CVE-2020-24063

Posted on 2020년 11월 11일2020년 11월 11일 by admin

CVE-2020-24063

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.

Source: CVE-2020-24063

CVE-2020-28409

Posted on 2020년 11월 11일2020년 11월 11일 by admin

CVE-2020-28409

The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.

Source: CVE-2020-28409

CVE-2019-7357

Posted on 2020년 11월 11일2020년 11월 11일 by admin

CVE-2019-7357

Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.

Source: CVE-2019-7357

CVE-2020-23968

Posted on 2020년 11월 11일2020년 11월 11일 by admin

CVE-2020-23968

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramDataIlexS&GLogs{$content}0-sngWSService1.log.

Source: CVE-2020-23968

CVE-2020-27165

Posted on 2020년 11월 11일2020년 11월 11일 by admin

CVE-2020-27165

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28050. Reason: This candidate is a reservation duplicate of CVE-2020-28050. Notes: All CVE users should reference CVE-2020-28050 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2020-27165

CVE-2020-28368

Posted on 2020년 11월 11일2020년 11월 11일 by admin

CVE-2020-28368

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Source: CVE-2020-28368