Attacker Value
Very High

CVE-2020-14511

Disclosure Date: July 15, 2020 (last updated July 31, 2020)
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
Attacker Value
High

CVE-2020-1985

Disclosure Date: April 08, 2020 (last updated October 06, 2023)
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions of Secdo for Windows.
Attacker Value
High

CVE-2020-1984

Disclosure Date: April 08, 2020 (last updated October 06, 2023)
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.
Attacker Value
Moderate

CVE-2019-17060

Disclosure Date: February 10, 2020 (last updated October 06, 2023)
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.
Attacker Value
Very High

CVE-2014-3074

Disclosure Date: July 02, 2014 (last updated October 05, 2023)
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Attacker Value
Moderate

CVE-2019-19195

Disclosure Date: February 10, 2020 (last updated October 06, 2023)
The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
Attacker Value
High

CVE-2020-0618

Disclosure Date: February 11, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Attacker Value
Moderate

CVE-2021-35501

Disclosure Date: June 25, 2021 (last updated October 07, 2023)
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
Attacker Value
Moderate

CVE-nu11-15-092121

Last updated September 21, 2021
The Student Quarterly Grading System (by oretnom23) is vulnerable to stored XSS that allows PHPSESSID hijacking. The vulnerable app is "users", with the parameters "fullname" and "username". After successfully compromising the credentials for the admin account, a malicious user can store an XSS payload with which he can take the active PHPSESSID every time he wants to log in to the system with an admin account by using this exploit.
Attacker Value
Unknown

CVE-2023-4904

Disclosure Date: September 12, 2023 (last updated October 18, 2023)
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)