CVE-2020-12082: CVE-2020-12082 Remediated in Code Insight

*What can cause this vulnerability?* The vulnerability occurs due to improper validation of cmdlet arguments. *Does the attacker need to be in an authenticated role in the Exchange Server?* Yes, the attacker must be authenticated.

*Where can I find more information about Active Directory SAM Account hardening changes?* See Active Directory SAM Account hardening changes.

*Where can I find more information about Active Directory permissions updates?* See Active Directory permissions updates.

*What type of information could be disclosed by this vulnerability?* Exploiting this vulnerability could allow the disclosure of initialized and/or uninitialized memory in the process heap.

*Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?* See Authentication updates.

Tenable added Raspberry Pi support to Nessus v10.0 to help security professionals conduct audits and assessments remotely.

The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.

Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.

WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

** DISPUTED ** A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.