Show filters

Showing topic results for "":

(11-20 of 16119)

Sort by:
Attacker Value
Low

CVE-2019-18634

Disclosure Date: January 29, 2020 (last updated June 05, 2020)
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Attacker Value
Moderate

CVE-2019-2215

Disclosure Date: October 11, 2019 (last updated July 30, 2020)
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Attacker Value
Very High

CVE-2020-10977

Disclosure Date: April 08, 2020 (last updated June 05, 2020)
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
Attacker Value
High

CVE-2019-1458

Disclosure Date: December 10, 2019 (last updated July 24, 2020)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Attacker Value
High

CVE-2020-7460

Disclosure Date: August 06, 2020 (last updated August 28, 2020)
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
Attacker Value
Unknown

CVE-2020-1020

Disclosure Date: April 15, 2020 (last updated September 02, 2020)
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
Attacker Value
Unknown

CVE-2019-7287

Disclosure Date: December 18, 2019 (last updated July 24, 2020)
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.
Attacker Value
High

CVE-2020-1147

Disclosure Date: July 14, 2020 (last updated August 28, 2020)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Attacker Value
Low

CVE-2020-0543 CROSSTALK

Disclosure Date: June 15, 2020 (last updated July 24, 2020)
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Attacker Value
High

CVE-2020-1313

Disclosure Date: June 09, 2020 (last updated October 07, 2020)
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.