Show filters
504 topics marked with the following tags:
Displaying 11-20 of 504
Sort by:
Attacker Value
Unknown

CVE-2021-41349

Disclosure Date: November 10, 2021 (last updated January 18, 2024)
Microsoft Exchange Server Spoofing Vulnerability
Attacker Value
High

CVE-2016-10225

Disclosure Date: March 27, 2017 (last updated October 05, 2023)
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Attacker Value
High

CVE-2007-2617

Disclosure Date: May 11, 2007 (last updated October 04, 2023)
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
0
Attacker Value
Very High

CVE-2020-8010 Nimbus protocol allows unauth read/write/execute

Disclosure Date: February 18, 2020 (last updated October 06, 2023)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Attacker Value
Very High

CVE-2020-9338

Disclosure Date: February 22, 2020 (last updated October 06, 2023)
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
Attacker Value
Moderate

CVE-2023-20178

Disclosure Date: June 07, 2023 (last updated January 25, 2024)
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
Attacker Value
Very High

Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to vi…

Disclosure Date: January 15, 2020 (last updated October 06, 2023)
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
Attacker Value
Low

CVE-2020-9339

Disclosure Date: February 22, 2020 (last updated October 06, 2023)
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
Attacker Value
High

CVE-2023-28879

Disclosure Date: March 31, 2023 (last updated October 08, 2023)
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Attacker Value
High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated October 07, 2023)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.