CVE-2020-0871: An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network…

CVE-2020-0871 [MEDIUM] Windows Network Connections Service Information Disclosure Vulnerability Windows Network Connections Service Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. To exploit this vulnerability, an authenticated attacker could run a specially crafted application in user mode. The update addresses the vulnerability by correcting how the Windows Network Connections Service handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read

CVE-2023-0871 [HIGH] CWE-611 OpenNMS Horizon XXE Injection Vulnerability OpenNMS Horizon XXE Injection Vulnerability XXE injection in `/rtc/post/ endpoint` in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

CVE-2020-0871 [LOW] CWE-200 GHSA-738x-2c5c-8m22: An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Netwo An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'.

CVE-2020-0796 [HIGH] Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage By Jon Munshaw and Vitor Ventura. Update (March 12, 2020): Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428 protect against exploitation of CVE-2020-0796. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important. This month's patches include updates to Microsoft Media Foundation, the GDI+ API and Windows Defender, among others. Talos released a new

CVE-2020-0796 [HIGH] Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage ## Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage By Jon Munshaw and Vitor Ventura. Update (March 12, 2020): Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428 protect against exploitation of CVE-2020-0796. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important. This month's patches include updates to Microsoft M