Show filters
107 topics marked with the following tags:
Displaying 1-10 of 107
Sort by:
Attacker Value
Very Low
Installing a malicious gem may lead to arbitrary code execution
Last updated March 17, 2020
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
0
Attacker Value
High
CVE-2020-27955 — Git Large File Storage / Git LFS (git-lfs) - Remote Code Execu…
Disclosure Date: November 05, 2020 (last updated October 07, 2023)
Git LFS 2.12.0 allows Remote Code Execution.
1
Attacker Value
Moderate
CVE-2021-26236
Disclosure Date: March 18, 2021 (last updated October 07, 2023)
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
1
Attacker Value
Low
CVE-2024-28741
Disclosure Date: April 06, 2024 (last updated April 10, 2024)
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
1
Attacker Value
High
CVE-2020-9337
Disclosure Date: February 26, 2020 (last updated October 06, 2023)
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
0
Attacker Value
Very Low
CVE-2020-13668
Disclosure Date: February 11, 2022 (last updated October 07, 2023)
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
0
Attacker Value
Very Low
CVE-2020-15466
Disclosure Date: July 05, 2020 (last updated November 08, 2023)
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
1
Attacker Value
Moderate
CVE-2021-26419
Disclosure Date: May 11, 2021 (last updated April 17, 2024)
Scripting Engine Memory Corruption Vulnerability
1
Attacker Value
Very Low
CVE-2019-9848
Disclosure Date: July 17, 2019 (last updated November 08, 2023)
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
0
Attacker Value
Very Low
CVE-2020-9266
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
0