Attacker Value: Low
CVE-2019-17240
Disclosure Date: October 06, 2019 (last updated October 06, 2023)
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Attacker Value: Very High
CVE-2019-1414
Disclosure Date: January 24, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
Attacker Value: Moderate
CVE-2020-10799
Disclosure Date: March 20, 2020 (last updated October 06, 2023)
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
Attacker Value: Low
CVE-2020-8819
Disclosure Date: February 25, 2020 (last updated October 06, 2023)
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Attacker Value: Low
CVE-2020-8818
Disclosure Date: February 25, 2020 (last updated October 06, 2023)
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Attacker Value: High
CVE-2020-9850
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
Attacker Value: Low
CVE-2023-24488
Disclosure Date: July 10, 2023 (last updated November 08, 2023)
Cross-site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross-site scripting.
Attacker Value: Moderate
CVE-2020-5252
Disclosure Date: March 23, 2020 (last updated October 06, 2023)
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, cl…
Attacker Value: Unknown
CVE-2021-41349
Disclosure Date: November 10, 2021 (last updated October 07, 2023)
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-42305.
Attacker Value: Moderate
CVE-2023-20178
Disclosure Date: June 07, 2023 (last updated October 08, 2023)
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.
This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.