Show filters
468 topics marked with the following tags:
Displaying 11-20 of 468
Sort by:
Attacker Value
Very High
CVE-2023-37580
Disclosure Date: July 31, 2023 (last updated October 08, 2023)
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
2
Attacker Value
Moderate
CVE-2020-10204
Disclosure Date: April 01, 2020 (last updated October 06, 2023)
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
0
Attacker Value
Very High
CVE-2018-8302
Disclosure Date: August 15, 2018 (last updated October 06, 2023)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
0
Attacker Value
Very High
CVE-2022-26809
Disclosure Date: April 15, 2022 (last updated October 07, 2023)
Remote Procedure Call Runtime Remote Code Execution Vulnerability
4
Attacker Value
Very Low
CVE-2018-1890
Disclosure Date: March 11, 2019 (last updated October 06, 2023)
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
1
Attacker Value
High
CVE-2023-0339
Last updated April 19, 2023
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
4
Attacker Value
High
CVE-2021-42593
Last updated October 18, 2021
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
Attacker Value
Low
CVE-2020-14942
Disclosure Date: June 21, 2020 (last updated October 06, 2023)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
0
Attacker Value
Low
CVE-2024-20328
Disclosure Date: March 01, 2024 (last updated March 02, 2024)
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2
Attacker Value
Very Low
CVE-2019-11773
Disclosure Date: September 12, 2019 (last updated October 06, 2023)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
1
