Show filters
474 topics marked with the following tags:
Displaying 11-20 of 474
Sort by:
Attacker Value
Moderate

CVE-2020-15900

Disclosure Date: July 28, 2020 (last updated November 08, 2023)
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
Attacker Value
Low

CVE-2020-13160

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Attacker Value
Very High

CVE-2020-6364 — OS Command Injection Vulnerability in CA Introscope Enterprise …

Disclosure Date: October 15, 2020 (last updated October 07, 2023)
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
Attacker Value
Moderate

CVE-2020-10245

Disclosure Date: March 26, 2020 (last updated October 06, 2023)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Attacker Value
Moderate

CVE-2020-12004

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attacker Value
Low

CVE-2022-0739

Disclosure Date: March 21, 2022 (last updated October 07, 2023)
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
Attacker Value
High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated October 07, 2023)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Attacker Value
Low

CVE-2019-19908

Disclosure Date: June 19, 2019 (last updated October 06, 2023)
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
Attacker Value
High

CVE-2022-21874

Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Windows Security Center API Remote Code Execution Vulnerability
Attacker Value
Very Low

CVE-2023-2991

Disclosure Date: June 22, 2023 (last updated October 08, 2023)
Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message