Show filters
34,014 Total Results
Displaying 21-30 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very Low

CVE-2022-29799 "Nimbuspwn"

Disclosure Date: September 21, 2022 (last updated October 08, 2023)
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.
Attacker Value
High

CVE-2022-33891

Disclosure Date: July 18, 2022 (last updated October 07, 2023)
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
Attacker Value
Unknown

CVE-2022-0847

Disclosure Date: March 10, 2022 (last updated October 07, 2023)
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Attacker Value
Moderate

CVE-2021-39609

Disclosure Date: August 23, 2021 (last updated October 07, 2023)
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
Attacker Value
Very High

CVE-2021-39144

Disclosure Date: August 23, 2021 (last updated November 08, 2023)
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
Attacker Value
High

CVE-2021-33909

Disclosure Date: July 20, 2021 (last updated November 08, 2023)
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
Attacker Value
High

CVE-2021-33771

Disclosure Date: July 14, 2021 (last updated December 29, 2023)
Windows Kernel Elevation of Privilege Vulnerability
Attacker Value
Moderate

CVE-2021-3438

Disclosure Date: May 20, 2021 (last updated October 07, 2023)
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
Attacker Value
High

CVE-2020-3153

Disclosure Date: February 20, 2020 (last updated October 06, 2023)
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Attacker Value
Moderate

CVE-2020-0668

Disclosure Date: February 11, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672.