96 topics marked with the following tags:
Displaying 31-40 of 96
Attacker Value
High
CVE-2022-21874
Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Windows Security Center API Remote Code Execution Vulnerability
1
Attacker Value
Very Low
CVE-2020-1094
Disclosure Date: April 15, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.
0
Attacker Value
Moderate
CVE-2021-35501
Disclosure Date: June 25, 2021 (last updated October 07, 2023)
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
1
Attacker Value
Very Low
CVE-2020-5261
Disclosure Date: March 25, 2020 (last updated October 06, 2023)
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence-in-depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.
0
Attacker Value
Low
CVE-2021-38406
Disclosure Date: September 09, 2021 (last updated October 07, 2023)
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
3
Attacker Value
High
CVE-2022-21840
Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Microsoft Office Remote Code Execution Vulnerability
1
Attacker Value
Moderate
CVE-2021-38603
Disclosure Date: August 12, 2021 (last updated October 07, 2023)
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
1
Attacker Value
High
CVE-2023-24935
Disclosure Date: April 11, 2023 (last updated October 08, 2023)
Microsoft Edge (Chromium-based) Spoofing Vulnerability
2
Attacker Value
Very Low
CVE-2020-5308
Disclosure Date: January 07, 2020 (last updated November 15, 2023)
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.
0
Attacker Value
Low
CVE-2020-9442
Disclosure Date: February 28, 2020 (last updated October 06, 2023)
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
0