Show filters
769 Total Results
Displaying 31-40 of 769
Sort by:
Attacker Value
Unknown

CVE-2019-15624

Disclosure Date: February 04, 2020 (last updated February 21, 2025)
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-8118

Disclosure Date: February 04, 2020 (last updated February 21, 2025)
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-6815

Disclosure Date: January 31, 2020 (last updated February 21, 2025)
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
Attack Vector: Adjacent NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2006-7246

Disclosure Date: January 27, 2020 (last updated February 21, 2025)
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-20105

Disclosure Date: January 27, 2020 (last updated February 21, 2025)
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-5504

Disclosure Date: January 09, 2020 (last updated February 21, 2025)
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2013-4357

Disclosure Date: December 31, 2019 (last updated November 27, 2024)
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-13730

Disclosure Date: December 10, 2019 (last updated November 08, 2023)
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-5332

Disclosure Date: November 04, 2019 (last updated November 27, 2024)
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-5333

Disclosure Date: November 04, 2019 (last updated November 27, 2024)
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >