Show filters
475 topics marked with the following tags:
Displaying 11-20 of 475
Sort by:
Attacker Value
Moderate
CVE-2020-15900
Disclosure Date: July 28, 2020 (last updated November 08, 2023)
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
1
Attacker Value
Low
CVE-2020-13160
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
1
Attacker Value
Very High
CVE-2020-6364 — OS Command Injection Vulnerability in CA Introscope Enterprise …
Disclosure Date: October 15, 2020 (last updated October 07, 2023)
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
0
Attacker Value
Moderate
CVE-2020-10245
Disclosure Date: March 26, 2020 (last updated October 06, 2023)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
4
Attacker Value
Moderate
CVE-2020-12004
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
1
Attacker Value
Low
CVE-2022-0739
Disclosure Date: March 21, 2022 (last updated October 07, 2023)
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
1
Attacker Value
High
CVE-2020-7373
Disclosure Date: October 30, 2020 (last updated October 07, 2023)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
1
Attacker Value
Very High
CVE-2020-8010 Nimbus protocol allows unauth read/write/execute
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
1
Attacker Value
Very Low
CVE-2022-35737
Disclosure Date: August 03, 2022 (last updated March 28, 2024)
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
2
Attacker Value
Very Low
CVE-2023-2991
Disclosure Date: June 22, 2023 (last updated October 08, 2023)
Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message
2