An issue in Dut Computer Control Engineering Co.’s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
CWE-862
CVE-2020-18757
An issue in Dut Computer Control Engineering Co.’s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.
CVE-2020-17533
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the ‘canFlush’ and ‘canPerformSystemActions’ security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.
CVE-2020-1720
A flaw was found in PostgreSQL’s “ALTER … DEPENDS ON EXTENSION”, where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.
CVE-2020-16260
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
CVE-2020-16027
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user’s disk via a crafted Chrome Extension.