NVD disclosure day
CVE-2020-1350
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
A vulnerability in Windows Domain Name System servers allows for remote code execution when requests are improperly handled. This impacts affected servers, potentially leading to unauthorized system access and data compromise. Organizations face business risk due to potential system control by attackers.
CVE-2020-1147
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio. This occurs when the software does not properly validate the source of XML file input. Attackers could exploit this to execute code within the affected system, posing a risk to data and operations.
CVE-2020-1040
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability exists in Microsoft Windows Server's Hyper-V RemoteFX vGPU, allowing an authenticated user within a guest operating system to execute code on the host server. This could compromise host systems and data. Organizations using affected Windows Server versions should address this.
CVE-2020-6287
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
SAP NetWeaver AS Java systems are vulnerable to unauthorized configuration access due to a missing authentication check. This allows unauthenticated attackers to execute critical tasks, potentially creating administrative users and compromising system confidentiality, integrity, and availability. The business risk incl