Show filters
59 topics marked with the following tags:
Displaying 11-20 of 59
Sort by:
Attacker Value
Low

CVE-2022-21839

Last updated February 08, 2022
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.
1
Attacker Value
Very Low

CVE-2018-19131

Disclosure Date: November 09, 2018 (last updated June 05, 2020)
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Attacker Value
Low

CVE-2020-3566 - Denial of service vulnerability in Cisco IOS XR

Disclosure Date: August 29, 2020 (last updated September 01, 2020)
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.
1
Attacker Value
Very Low

CVE-2020-28054

Disclosure Date: November 19, 2020 (last updated December 04, 2020)
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
Attacker Value
Very Low

CVE-2020-10560

Disclosure Date: March 30, 2020 (last updated June 05, 2020)
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
Attacker Value
Moderate

CVE-2021-31955

Last updated June 08, 2021
Windows Kernel Information Disclosure Vulnerability The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. The team at Kaspersky have reported threat actors are exploiting this Microsoft Windows OS kernel vulnerability Source: https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
2
Attacker Value
Low

CVE-2020-3569 - Denial of service vulnerability in Cisco IOS XR

Disclosure Date: August 29, 2020 (last updated October 07, 2020)
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.
Attacker Value
Low

CVE-2021-39211

Disclosure Date: September 15, 2021 (last updated September 16, 2021)
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.
Attacker Value
Moderate

CVE-2019-17518

Disclosure Date: February 10, 2020 (last updated June 05, 2020)
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.
Attacker Value
Moderate

CVE-2019-17519

Disclosure Date: February 12, 2020 (last updated June 05, 2020)
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.