Skip to content

Instantly share code, notes, and snippets.

@apple502j

apple502j/cve-desc.md

Last active February 28, 2021 16:00
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save apple502j/40d161c52ac95e3d8970016a4ddd78bb to your computer and use it in GitHub Desktop.
Save apple502j/40d161c52ac95e3d8970016a4ddd78bb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cve-desc.md

CVE Description Templates by CNA

Microsoft before 2020

A <Impact> exists when <Product> <Bug>, aka '<Product> <Impact> Vulnerability'.

<Impact> is one of: "remote code execution", "elevation of privilege", "spoofing", "denial of service", "information disclosure", "cross site scripting", "security feature bypass".

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)

Snyk

This affects <Product> before <Patched Version>. <Description>

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function. (CVE-2020-7750)

JPCERT/CC

<Weakness> in <Product> allows <Attacker> to <Impact> via unspeficied vectors.

FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

Google Chrome

<Weakness> in <Component> in <Product> before <Patched Version> allowed <Attacker> to <Impact> via <Attack Vector>.

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment