Show filters
119 topics marked with the following tags:
Displaying 61-70 of 119
Sort by:
Attacker Value
Low

CVE-2022-1043

Disclosure Date: August 29, 2022 (last updated October 08, 2023)
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
Attacker Value
Very Low
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
0
Attacker Value
Very Low

TCP SACK PANIC

Last updated February 13, 2020
A Linux kernel vulnerability in TCP networking could allow DoS > CVE-2019-11477 is considered an Important severity, whereas CVE-2019-11478 and CVE-2019-11479 are considered a Moderate severity. The first two are related to the Selective Acknowledgement (SACK) packets combined with Maximum Segment Size (MSS), the third solely with the Maximum Segment Size (MSS). Vulnerable code exists in https://github.com/torvalds/linux/blob/master/include/linux/skbuff.h This might stick around in various embedded hardware, which could be more disasterous if DoS'ed, but it's too early to tell.
0
Attacker Value
Moderate

CVE-2020-17091

Disclosure Date: November 11, 2020 (last updated November 28, 2024)
Microsoft Teams Remote Code Execution Vulnerability
3
Attacker Value
Very Low

CVE-2017-9798

Disclosure Date: September 18, 2017 (last updated November 08, 2023)
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Attacker Value
Moderate

CVE-2018-13382

Disclosure Date: June 04, 2019 (last updated July 25, 2024)
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests
Attacker Value
Low

CVE-2024-6531

Disclosure Date: July 11, 2024 (last updated July 12, 2024)
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
2
Attacker Value
Moderate

CVE-2023-23396

Disclosure Date: March 14, 2023 (last updated May 29, 2024)
Microsoft Excel Denial of Service Vulnerability
Attacker Value
Very High

CVE-2022-31814

Disclosure Date: September 05, 2022 (last updated May 15, 2024)
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
Attacker Value
Very High

CVE-2011-3192

Disclosure Date: August 29, 2011 (last updated October 04, 2023)
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
0

This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.