Show filters
640 topics marked with the following tags:
Displaying 11-20 of 640
Sort by:
Attacker Value
Moderate

CVE-2020-3158

Disclosure Date: February 20, 2020 (last updated October 06, 2023)
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.
Attacker Value
Very High

CVE-2019-5596

Disclosure Date: February 12, 2019 (last updated October 06, 2023)
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
Attacker Value
High

CVE-2023-28879

Disclosure Date: March 31, 2023 (last updated October 08, 2023)
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Attacker Value
Moderate

CVE-2023-38548

Disclosure Date: November 07, 2023 (last updated November 10, 2023)
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.
6
Attacker Value
Moderate

CVE-2021-26236

Disclosure Date: March 18, 2021 (last updated October 07, 2023)
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.
Attacker Value
Moderate

CVE-2020-15900

Disclosure Date: July 28, 2020 (last updated November 08, 2023)
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
Attacker Value
Low

CVE-2024-21306

Disclosure Date: January 09, 2024 (last updated January 13, 2024)
Microsoft Bluetooth Driver Spoofing Vulnerability
Attacker Value
Low

CVE-2020-13160

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Attacker Value
Moderate

CVE-2017-6527

Disclosure Date: March 09, 2017 (last updated October 05, 2023)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
Attacker Value
Very High

CVE-2020-26352

Disclosure Date: December 02, 2022 (last updated November 08, 2023)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
1