Show filters

Showing topic results for "":

(21-30 of 19231)

Sort by:
Attacker Value
Very High

CVE-2020-10977

Disclosure Date: April 08, 2020 (last updated June 05, 2020)
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
Attacker Value
Unknown

CVE-2020-8468

Disclosure Date: March 18, 2020 (last updated July 24, 2020)
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Attacker Value
High

CVE-2020-9337

Disclosure Date: February 26, 2020 (last updated June 05, 2020)
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
Attacker Value
High

CVE-2019-1458

Disclosure Date: December 10, 2019 (last updated July 24, 2020)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Attacker Value
Very High

Bludit 3.9.2 remote code execution

Disclosure Date: September 08, 2019 (last updated July 30, 2020)
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
Attacker Value
Very High

CVE-2019-8394

Disclosure Date: February 17, 2019 (last updated June 05, 2020)
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
Attacker Value
High

CVE-2020-17136

Disclosure Date: December 10, 2020 (last updated December 12, 2020)
, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17103, CVE-2020-17134.
Attacker Value
Very High

CVE-2020-9934 - macOS Transparency, Consent, and Control (TCC) Framework bypass

Disclosure Date: October 16, 2020 (last updated October 21, 2020)
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
Attacker Value
Low

CVE-2020-25779

Disclosure Date: October 13, 2020 (last updated October 21, 2020)
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature.
Attacker Value
Low

CVE-2020-1464

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.