Show filters
418 topics marked with the following tags:
Displaying 11-20 of 418
Sort by:
Attacker Value
Very Low

CVE-2020-9266

Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Attacker Value
Very High

CVE-2020-8010 Nimbus protocol allows unauth read/write/execute

Disclosure Date: February 18, 2020 (last updated September 27, 2021)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Attacker Value
Very High

CVE-2020-9338

Disclosure Date: February 22, 2020 (last updated June 05, 2020)
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
Attacker Value
Unknown

CVE-2021-41349

Disclosure Date: November 10, 2021 (last updated November 11, 2021)
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.
Attacker Value
Very High

CVE-2020-26352

Last updated January 20, 2023
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
1
Attacker Value
High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated November 13, 2020)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Attacker Value
Very Low

CVE-2020-9340

Disclosure Date: February 22, 2020 (last updated June 05, 2020)
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
Attacker Value
Low

CVE-2020-0986

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
Attacker Value
Low

CVE-2020-9268

Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Attacker Value
High

CVE-2021-26295

Disclosure Date: March 22, 2021 (last updated March 26, 2021)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.