750 topics marked with the following tags:
Displaying 1-10 of 750
Attacker Value
Unknown

CVE-2018-18556

Disclosure Date: December 17, 2018 (last updated November 27, 2024)
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions and leverage its improper input validation condition to spawn an attacker-controlled shell with root privileges.
Attacker Value
Low

CVE-2022-0739

Disclosure Date: March 21, 2022 (last updated October 07, 2023)
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection.
Attacker Value
High

CVE-2024-2044

Disclosure Date: March 07, 2024 (last updated March 14, 2024)
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
Attacker Value
Moderate

CVE-2020-12004

Disclosure Date: June 09, 2020 (last updated November 28, 2024)
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attacker Value
High

CVE-2021-26897

Disclosure Date: March 11, 2021 (last updated November 28, 2024)
Windows DNS Server Remote Code Execution Vulnerability
Attacker Value
Moderate

CVE-2019-20361

Disclosure Date: January 08, 2020 (last updated November 27, 2024)
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Attacker Value
High

CVE-2023-28879

Disclosure Date: March 31, 2023 (last updated October 08, 2023)
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Attacker Value
Moderate

CVE-2020-3158

Disclosure Date: February 20, 2020 (last updated November 27, 2024)
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.
Attacker Value
Very High

CVE-2019-5596

Disclosure Date: February 12, 2019 (last updated November 27, 2024)
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released, potentially allowing a malicious local user to gain root privileges or escape from a jail.
Attacker Value
Moderate

CVE-2023-38548

Disclosure Date: November 07, 2023 (last updated December 22, 2024)
A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.