Show filters
665 topics marked with the following tags:
Displaying 31-40 of 665
Sort by:
Attacker Value
Low

CVE-2024-21306

Disclosure Date: January 09, 2024 (last updated January 13, 2024)
Microsoft Bluetooth Driver Spoofing Vulnerability
Attacker Value
Low

CVE-2020-13160

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Attacker Value
Moderate

CVE-2017-6527

Disclosure Date: March 09, 2017 (last updated October 05, 2023)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
Attacker Value
Very Low

CVE-2024-31077

Disclosure Date: April 23, 2024 (last updated April 23, 2024)
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.
1
Attacker Value
Very High

CVE-2020-26352

Disclosure Date: December 02, 2022 (last updated November 08, 2023)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
1
Attacker Value
High

CVE-2022-46689

Disclosure Date: December 15, 2022 (last updated October 08, 2023)
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
Attacker Value
Moderate

CVE-2021-22652

Disclosure Date: February 11, 2021 (last updated October 07, 2023)
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
Attacker Value
Very High

CVE-2020-11108

Disclosure Date: May 11, 2020 (last updated October 06, 2023)
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
Attacker Value
High

CVE-2022-22957

Disclosure Date: April 13, 2022 (last updated October 07, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Attacker Value
High

CVE-2017-1000353

Disclosure Date: January 29, 2018 (last updated October 06, 2023)
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.