Show filters
418 topics marked with the following tags:
Displaying 11-20 of 418
Sort by:
Attacker Value
Very Low
CVE-2020-9266
Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
0
Attacker Value
Very High
CVE-2020-8010 Nimbus protocol allows unauth read/write/execute
Disclosure Date: February 18, 2020 (last updated September 27, 2021)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
1
Attacker Value
Very High
CVE-2020-9338
Disclosure Date: February 22, 2020 (last updated June 05, 2020)
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
0
Attacker Value
Unknown
CVE-2021-41349
Disclosure Date: November 10, 2021 (last updated November 11, 2021)
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.
1
Attacker Value
Very High
CVE-2020-26352
Last updated January 20, 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
1
Attacker Value
High
CVE-2020-7373
Disclosure Date: October 30, 2020 (last updated November 13, 2020)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
1
Attacker Value
Very Low
CVE-2020-9340
Disclosure Date: February 22, 2020 (last updated June 05, 2020)
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
0
Attacker Value
Low
CVE-2020-0986
Disclosure Date: June 09, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
3
Attacker Value
Low
CVE-2020-9268
Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
0
Attacker Value
High
CVE-2021-26295
Disclosure Date: March 22, 2021 (last updated March 26, 2021)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
2