Attacker Value
Moderate

CVE-2022-31660

Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Attacker Value
Low

CVE-2019-15126 aka Kr00k

Disclosure Date: February 05, 2020 (last updated October 13, 2020)
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Attacker Value
Moderate

CVE-2018-18629

Disclosure Date: December 20, 2018 (last updated October 06, 2023)
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.
Attacker Value
Very Low

CVE-2020-11530

Disclosure Date: May 08, 2020 (last updated October 06, 2023)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
Attacker Value
Low

CVE-2020-7208

Disclosure Date: February 13, 2020 (last updated October 06, 2023)
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
Attacker Value
High

CVE-2020-9337

Disclosure Date: February 26, 2020 (last updated October 06, 2023)
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
Attacker Value
Moderate

CVE-2019-1436

Disclosure Date: November 12, 2019 (last updated October 06, 2023)
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440.
Attacker Value
High

CVE-2021-3287

Disclosure Date: April 22, 2021 (last updated October 07, 2023)
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Attacker Value
Very High

CVE-2020-10644

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attacker Value
High

CVE-2021-25646

Disclosure Date: January 29, 2021 (last updated November 08, 2023)
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.