Lucene search

325 matches found

OSV
added 2020/08/27 9:15 p.m., 4 views

CVE-2020-8602

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution...

7.2 CVSS, 6.1 AI score
Exploits: 0, References: 1
Prion
added 2020/08/27 9:15 p.m., 10 views

Design/Logic Flaw

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution...

6.5 CVSS, 7.2 AI score, 0.01683 EPSS
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2020/08/27 8:35 p.m., 15 views

CVE-2020-8602

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution...

7.3 AI score, 0.01683 EPSS
Exploits: 0, References: 1
CVE
added 2020/08/27 8:35 p.m., 44 views

CVE-2020-8602

CVE-2020-8602 affects Trend Micro Deep Security 10.0–12.0 and Trend Micro Vulnerability Protection 2.0 SP2. The issue is in the management consoles where an authenticated attacker with full control privileges can bypass file integrity checks, leading to remote code execution. The NVD entry lists ...

7.2 CVSS, 7.2 AI score, 0.01683 EPSS
Exploits: 0, References: 1, Affected Software: 2
BDU FSTEC
added 2020/07/23 12:0 a.m., 3 views

The vulnerability of the uninstaller component of the Cisco AnyConnect Secure Mobility Client for Mac OS allows a perpetrator to influence the integrity of files.

The vulnerability of the uninstaller component of the Cisco AnyConnect Secure Mobility Client for Mac OS relates to improper handling of paths leading to directories. Exploiting this vulnerability can allow an attacker to influence the integrity of files through a specially created symbolic link...

5.6 CVSS, 6 AI score, 0.00108 EPSS
Exploits: 0, References: 2, Affected Software: 1
Snyk
added 2020/07/10 9:29 a.m., 1 views

Log Injection

Overview: uvicorn is a lightning-fast ASGI server. Affected versions of this package are vulnerable to Log Injection. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its...

7.5 CVSS, 6.8 AI score, 0.00227 EPSS
Exploits: 1, References: 2
NVD
added 2020/07/05 1:15 a.m., 9 views

CVE-2020-15528

An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks...

9.3 CVSS, 0.00097 EPSS
Exploits: 0, References: 1
Prion
added 2020/07/05 1:15 a.m., 15 views

Design/Logic Flaw

An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks...

9.3 CVSS, 7.8 AI score, 0.00097 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/07/05 12:31 a.m., 13 views

CVE-2020-15528

An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks...

7.9 AI score, 0.00097 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2020/06/26 1:50 p.m., 40 views

CVE-2020-8177

A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is...

4.6 CVSS, 7.2 AI score, 0.0002 EPSS
Exploits: 1, References: 4
Amazon
added 2020/06/26 12:0 a.m., 28 views

Medium: lftp

Issue Overview: It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled...

7.8 CVSS, 6.2 AI score, 0.00748 EPSS
Exploits: 1
NVD
added 2020/06/11 5:15 p.m., 6 views

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

8.1 CVSS, 0.00077 EPSS
Exploits: 1, References: 2
Prion
added 2020/06/11 5:15 p.m., 12 views

Input validation

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

6.8 CVSS, 8 AI score, 0.00077 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2020/06/11 4:49 p.m., 38 views

CVE-2020-11614

The CVE-2020-11614 entry concerns Mids’ Reborn Hero Designer 2.6.0.7. The vulnerability arises because the application downloads the update manifest and update files over cleartext HTTP and does not perform file integrity validation after download. This enables a man-in-the-middle attacker to rep...

8.1 CVSS, 8 AI score, 0.00077 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2020/06/11 4:49 p.m., 12 views

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

8.1 AI score, 0.00077 EPSS
Exploits: 1, References: 2
CNVD
added 2020/05/27 12:0 a.m., 0 views

Unspecified vulnerability in AppleMobileFileIntegrity component of multiple Apple products (CNVD-2020-34932)

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a specialized operating system developed for Mac computers. Apple MacOS Catalina is a plug-in with file integrit...

7.1 CVSS, 6.2 AI score, 0.00331 EPSS
Exploits: 0, References: 1
Qualys Blog
added 2020/05/26 11:9 a.m., 36 views

Qualys Adds Cloud Agent Linux Support for AWS ARM-Based EC2 Instances

Releasing this week May 26, 2020, Qualys adds Cloud Agent Linux support for Amazon Web Services EC2 instances powered by ARM processors including the new Graviton2 processor. AWS Graviton2 processors power Amazon EC2 M6g, C6g, and R6g instances that provide up to 40% better price performance over...

1 AI score
Exploits: 0
0day.today
added 2020/05/09 12:0 a.m., 94 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from a path traversal vulnerability that can lead to remote code execution. ManageEngine DataSecurity Plus Path Traversal / Code Execution Vulnerabilities Identifiers...

6.5 CVSS, 0.3 AI score, 0.00826 EPSS
Exploits: 3
Packet Storm
added 2020/05/08 12:0 a.m., 214 views

ManageEngine DataSecurity Plus Path Traversal / Code Execution

XL-2020-001 - DataSecurity Plus Xnode Server - Remote Code Execution via Path Traversal. Identifiers: CVE-2020-11531, XL-20-001. CVSSv3 score...

6.5 CVSS, 0.3 AI score, 0.00826 EPSS
Exploits: 3
Packet Storm
added 2020/05/08 12:0 a.m., 206 views

ManageEngine DataSecurity Plus Authentication Bypass

XL-2020-002 - DataSecurity Plus Xnode Server - Authentication Bypass. Identifiers: CVE-2020-11532, XL-20-002. CVSSv3 score...

10 CVSS, 0.7 AI score, 0.89808 EPSS
Exploits: 7