
Vulnerabilities of August 2020

If you find any errors, please report them on Twitter (Har-sia).

Summary of vulnerabilities that drew attention this month

CVE-2019-16759

Description from NVD

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Information Acquisition Date:2020/09/01
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL
This vulnerability may involve a PoC.

Description from Forti

vBulletin Routestring widgetConfig Remote Code Execution

This indicates an attack attempt to exploit a Remote Command Execution Vulnerability in vBulletin. The vulnerability is due to an input validation error while parsing an HTTP request in the vulnerable module. A remote attacker could exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.

Information Acquisition Date:2020/09/01

Affected Products

vBulletin Version 5

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently, we are not aware of any vendor supplied patch for this issue.

Highest Score:38 (2020/08/11)

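Vulnerability information: Har-sia CVE-2019-16759


Administrator comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)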



CVE-2020-1337

Description from NVD

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.

Information Acquisition Date:2020/09/01
CVSS 2.0: 7.2 HIGH CVSS 3.x: 7.8 HIGH

Highest Score:53 (2020/08/12)

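Vulnerability information: Har-sia CVE-2020-1337


Administrator comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)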



CVE-2020-1380

Description from NVD

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.

Information Acquisition Date:2020/09/01
CVSS 2.0: 7.6 HIGH CVSS 3.x: 7.5 HIGH

Highest Score:43 (2020/08/12)

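Vulnerability information: Har-sia CVE-2020-1380


Administrator comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)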



CVE-2020-1464

Description from NVD

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.

Information Acquisition Date:2020/09/01
CVSS 2.0: 2.1 LOW CVSS 3.x: 5.5 MEDIUM

Highest Score:37 (2020/08/19)

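Vulnerability information: Har-sia CVE-2020-1464


Administrator comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)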



CVE-2020-1472

Description from NVD

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

Information Acquisition Date:2020/09/01
CVSS 2.0: 9.3 HIGH CVSS 3.x: 10.0 CRITICAL

Highest Score:37 (2020/08/12)

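Vulnerability information: Har-sia CVE-2020-1472


Administrator comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)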



Total: 5 items
