CyberSecurityBoard
Sponsor Register Login

CVE-2020-1471

<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p> <p>The security update addresses the vulnerability by checking COM objects.</p>

Publication date: Fri, 11 Sep 2020 22:15:00 +0000


Cyber News related to CVE-2020-1471

CVE-2020-1471 - <p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> ...
11 months ago
Atlassian patches critical RCE flaws across multiple products - Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity ...
1 year ago Bleepingcomputer.com
Atlassian fixes four critical RCE vulnerabilities, patch quickly! - Atlassian has released security updates for four critical vulnerabilities in its various offerings that could be exploited to execute arbitrary code. CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote ...
1 year ago Helpnetsecurity.com
Atlassian Patches RCE Flaw that Affected Multiple Products - Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in multiple products. The CVEs for these vulnerabilities have been assigned as CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471. ...
1 year ago Gbhackers.com
Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps - It's time to patch again: Four critical security vulnerabilities in Atlassian software open the door to remote code execution and subsequent lateral movement within enterprise environments. They are just the latest bugs to surface of late in the ...
1 year ago Darkreading.com
Atlassian Patches Critical Remote Code Execution Vulnerabilities - Business software maker Atlassian this week announced updates that address critical-severity remote code execution vulnerabilities in Confluence and other products. Atlassian, which rates the vulnerability with a CVSS score of 9.0, notes that an ...
1 year ago Securityweek.com
CVE-2006-1471 - Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as ...
6 years ago
CVE-2019-1471 - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. ...
5 years ago
CVE-2021-1471 - Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive ...
3 years ago
CVE-2011-1471 - Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. ...
1 year ago
CVE-2023-1471 - The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on ...
1 year ago
CVE-2022-1471 - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor ...
1 year ago
CVE-2014-1471 - SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands ...
54 years ago Tenable.com
CVE-2024-1471 - ...
10 months ago
CVE-2024-42322 - In the Linux kernel, the following vulnerability has been resolved: ...
2 weeks ago
CVE-1999-1471 - Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field. ...
16 years ago
CVE-2002-1471 - The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a ...
16 years ago
CVE-2010-1471 - Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. ...
14 years ago
CVE-2012-1471 - Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. ...
12 years ago
CVE-2013-1471 - Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) ...
11 years ago
CVE-2015-1471 - SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. ...
9 years ago
CVE-2005-1471 - Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. ...
8 years ago
CVE-2001-1471 - prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly ...
1 year ago
CVE-2004-1471 - Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format ...
7 years ago
CVE-2003-1471 - MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)