CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2020-17156 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17156
Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de ejecución de código remota en Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-17100 – Visual Studio Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2020-17100
Visual Studio Tampering Vulnerability Vulnerabilidad de Manipulación de Visual Studio • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17100 •
CVSS: 6.1EPSS: 1%CPEs: 8EXPL: 1CVE-2020-26870
https://notcve.org/view.php?id=CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Cure53 DOMPurify versiones anteriores a 2.0.17, permite una mutación de XSS. Esto ocurre porque un viaje de ida y vuelta de análisis serializado no necesariamente devuelve el árbol DOM original, y un espacio de nombres puede cambiar de HTML a MathML, como es demostrado al anidar los elementos FORM • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17 https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870 https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass https://www.oracle.com//security-alerts/cpujul2021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2020-1130 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1130
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de datos, también se conoce como "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130 •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2020-1133 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1133
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p> Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de archivos, también se conoce como "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133 •