Show filters
190 topics marked with the following tags:
Displaying 31-40 of 190
Sort by:
Attacker Value
Very Low
CVE-2020-28198
Disclosure Date: May 06, 2021 (last updated November 08, 2023)
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
1
Attacker Value
High
CVE-2021-31181
Disclosure Date: May 11, 2021 (last updated October 07, 2023)
Microsoft SharePoint Remote Code Execution Vulnerability
4
Attacker Value
High
CVE-2022-24780
Disclosure Date: April 05, 2022 (last updated October 07, 2023)
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
1
Attacker Value
Very High
CVE-2022-41800
Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
1
Attacker Value
High
CVE-2020-7460
Disclosure Date: August 06, 2020 (last updated October 07, 2023)
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
0
Attacker Value
Moderate
CVE-2020-14295
Disclosure Date: June 17, 2020 (last updated November 08, 2023)
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
3
Attacker Value
Low
CVE-2020-9269
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
0
Attacker Value
Moderate
CVE-2021-42847
Disclosure Date: November 11, 2021 (last updated October 07, 2023)
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
2
Attacker Value
Moderate
CVE-2018-18629
Disclosure Date: December 20, 2018 (last updated October 06, 2023)
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
0
Attacker Value
Very High
CVE-2019-16097
Disclosure Date: September 08, 2019 (last updated October 06, 2023)
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
0
