Show filters
97 topics marked with the following tags:
Displaying 11-20 of 97
Sort by:
Attacker Value
Moderate

CVE-2021-26419

Disclosure Date: May 11, 2021 (last updated April 17, 2024)
Scripting Engine Memory Corruption Vulnerability
Attacker Value
High

CVE-2023-28284

Disclosure Date: April 11, 2023 (last updated October 08, 2023)
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Attacker Value
Low

CVE-2020-7350

Disclosure Date: April 16, 2020 (last updated October 06, 2023)
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.
Attacker Value
Low

CVE-2020-7360

Disclosure Date: August 06, 2020 (last updated October 07, 2023)
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
Attacker Value
Low

CVE-2018-14581

Disclosure Date: July 31, 2018 (last updated October 06, 2023)
Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file.
Attacker Value
Very Low

CVE-2020-28198

Disclosure Date: May 06, 2021 (last updated November 08, 2023)
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Attacker Value
Very High

CVE-2022-41622

Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
High

CVE-2021-28550

Disclosure Date: May 11, 2021 (last updated November 08, 2023)
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Attacker Value
High

CVE-2021-34448

Disclosure Date: July 16, 2021 (last updated December 29, 2023)
Scripting Engine Memory Corruption Vulnerability
Attacker Value
Very Low

CVE-2020-10263 - Smart Speaker Root Shell via internal UART

Disclosure Date: April 08, 2020 (last updated October 06, 2023)
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro LX06, (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’ SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks.