31 topics marked with the following tags:
Attacker Value
Low

CVE-2022-38108

Disclosure Date: October 19, 2022 (last updated October 08, 2023)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Attacker Value
Moderate

CVE-2021-38699

Disclosure Date: August 15, 2021 (last updated October 07, 2023)
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.
Attacker Value
Moderate

CVE-2017-5715

Disclosure Date: January 04, 2018 (last updated October 06, 2023)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Attacker Value
Very High

CVE-2020-8218

Disclosure Date: July 30, 2020 (last updated February 28, 2024)
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface.
Attacker Value
High

CVE-2023-33137

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
Microsoft Excel Remote Code Execution Vulnerability
Attacker Value
Unknown

CVE-2010-0742

Disclosure Date: June 03, 2010 (last updated October 04, 2023)
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
Attacker Value
High

CVE-2023-41179

Disclosure Date: September 19, 2023 (last updated October 08, 2023)
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
Attacker Value
Very High

CVE-2021-27065

Disclosure Date: March 03, 2021 (last updated December 30, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2023-21752

Disclosure Date: January 10, 2023 (last updated October 08, 2023)
Windows Backup Service Elevation of Privilege Vulnerability
Attacker Value
Very High

CVE-2023-32307

Disclosure Date: May 26, 2023 (last updated October 08, 2023)
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-overflow and integer-overflow issues in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of an attribute length check when Sofia-SIP handles STUN packets. The previous patch for [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer overflow triggered by an attacker may lead to a crash, high memory consumption or even more serious consequences. These issues have been addressed in version 1.13.15. Users are advised to upgrade.