102 topics marked with the following tags:
Displaying 31-40 of 102
Attacker Value
Very High

CVE-2021-3723

Disclosure Date: November 12, 2021 (last updated October 07, 2023)
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
Attacker Value
Moderate

CVE-2018-1655

Disclosure Date: June 22, 2018 (last updated October 06, 2023)
IBM AIX 5.3, 6.1, 7.1, and 7.2 contain a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
Attacker Value
Low

CVE-2021-21431

Disclosure Date: April 09, 2021 (last updated October 07, 2023)
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels, but due to the wonder that is IRC and following RFCs, we have no PoC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1.
Attacker Value
Very Low

CVE-2020-15466

Disclosure Date: July 05, 2020 (last updated November 08, 2023)
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
Attacker Value
High

CVE-2020-1247

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.
Attacker Value
High

CVE-2020-15588

Disclosure Date: July 29, 2020 (last updated October 07, 2023)
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with the server. In the cloud, the Agent will always connect with trusted communication.
Attacker Value
Low

CVE-2021-24074

Disclosure Date: February 25, 2021 (last updated December 30, 2023)
Windows TCP/IP Remote Code Execution Vulnerability
Attacker Value
Low

CVE-2020-0655

Disclosure Date: February 11, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Attacker Value
Very Low

CVE-2018-19131

Disclosure Date: November 09, 2018 (last updated October 06, 2023)
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Attacker Value
Very Low

CVE-2022-29799 "Nimbuspwn"

Disclosure Date: September 21, 2022 (last updated October 08, 2023)
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.