Attacker Value
High

CVE-2021-36976

Disclosure Date: July 20, 2021 (last updated March 28, 2024)
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Attacker Value
Low

CVE-2020-9442

Disclosure Date: February 28, 2020 (last updated October 06, 2023)
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Attacker Value
Low

CVE-2021-38406

Disclosure Date: September 09, 2021 (last updated October 07, 2023)
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
Attacker Value
Very Low

CVE-2020-5261

Disclosure Date: March 25, 2020 (last updated October 06, 2023)
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.
Attacker Value
High

CVE-2022-21840

Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Microsoft Office Remote Code Execution Vulnerability
Attacker Value
High

CVE-2023-35636

Disclosure Date: December 12, 2023 (last updated December 15, 2023)
Microsoft Outlook Information Disclosure Vulnerability
Attacker Value
High

CVE-2023-24935

Disclosure Date: April 11, 2023 (last updated May 29, 2024)
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Attacker Value
Moderate

CVE-2021-38152

Last updated August 09, 2021
CVE-mitre: index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS. nu11secur1ty: XSS-Stored - Brutal PWNED on Chikitsa 2.0.0 parameter "name" + User: Unrestricted File Upload ".php"
Attacker Value
Very Low

Unknown iOS Mail.App RCE ZecOps

Last updated May 13, 2020
To quote the Reuters report: "To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details." So, it sounds like a font or other kind of render thing in Mail.App. No clicks required other than opening the email.
Attacker Value
Moderate

CVE-2021-38603

Disclosure Date: August 12, 2021 (last updated October 07, 2023)
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.