Show filters
465 topics marked with the following tags:
Displaying 1-10 of 465
Sort by:
Attacker Value
Moderate

CVE-2019-7548

Disclosure Date: February 06, 2019 (last updated October 06, 2023)
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Attacker Value
Moderate

CVE-2023-20178

Disclosure Date: June 07, 2023 (last updated January 25, 2024)
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
Attacker Value
Moderate

CVE-2020-3158

Disclosure Date: February 20, 2020 (last updated October 06, 2023)
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.
Attacker Value
High

CVE-2016-10225

Disclosure Date: March 27, 2017 (last updated October 05, 2023)
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Attacker Value
Moderate

CVE-2020-10245

Disclosure Date: March 26, 2020 (last updated October 06, 2023)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Attacker Value
Unknown

CVE-2021-34787

Disclosure Date: October 27, 2021 (last updated November 08, 2023)
A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.
Attacker Value
Very High

CVE-2023-0129

Disclosure Date: January 10, 2023 (last updated October 08, 2023)
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
Attacker Value
Very Low

CVE-2022-29799 "Nimbuspwn"

Disclosure Date: September 21, 2022 (last updated October 08, 2023)
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.
Attacker Value
Very High

CVE-2023-37580

Disclosure Date: July 31, 2023 (last updated October 08, 2023)
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Attacker Value
Moderate

CVE-2020-10204

Disclosure Date: April 01, 2020 (last updated October 06, 2023)
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.