CVSS: 8.8 • EPSS: 4% • CPEs: 33 • EXPL: 0

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760 •

CVSS: 4.6 • EPSS: 0% • CPEs: 7 • EXPL: 0

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access as an unprivileged user. • https://support.f5.com/csp/article/K55102004 •

CVSS: 10.0 • EPSS: 0% • CPEs: 11 • EXPL: 0

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows. • https://www.veritas.com/content/support/en_US/security/VTS19-003 https://www.veritas.com/content/support/en_US/security/VTS19-004 https://www.veritas.com/content/support/en_US/security/VTS19-005 https://www.veritas.com/content/support/en_US/security/VTS19-006 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low-privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM. • https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12574.txt • CWE-426: Untrusted Search Path •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from %PROGRAMFILES%\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file, which does not exist. By default on Windows systems, authenticated users can create directories under C:\. A low-privileged user can create a C:\etc\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine library, resulting in arbitrary code execution as SYSTEM when the service starts. • https://blog.mirch.io/2019/06/10/cve-2019-12572-pia-windows-privilege-escalation-malicious-openssl-engine https://github.com/mirchr/security-research/blob/master/vulnerabilities/PIA/CVE-2019-12572.txt • CWE-427: Uncontrolled Search Path Element •