Show filters
542 topics marked with the following tags:
Displaying 1-10 of 542
Sort by:
Attacker Value
Low
CVE-2019-17240
Disclosure Date: October 06, 2019 (last updated October 06, 2023)
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
1
Attacker Value
High
CVE-2020-9850
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
1
Attacker Value
Low
CVE-2020-8819
Disclosure Date: February 25, 2020 (last updated October 06, 2023)
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
0
Attacker Value
Low
CVE-2020-8818
Disclosure Date: February 25, 2020 (last updated October 06, 2023)
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
0
Attacker Value
Very High
CVE-2019-1414
Disclosure Date: January 24, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
0
Attacker Value
Low
CVE-2023-24488
Disclosure Date: July 10, 2023 (last updated November 08, 2023)
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting
2
Attacker Value
Moderate
CVE-2020-5252
Disclosure Date: March 23, 2020 (last updated October 06, 2023)
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, cl…
0
Attacker Value
Moderate
CVE-2020-10799
Disclosure Date: March 20, 2020 (last updated October 06, 2023)
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
0
Attacker Value
High
CVE-2016-10225
Disclosure Date: March 27, 2017 (last updated October 05, 2023)
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
0
Attacker Value
High
CVE-2007-2617
Disclosure Date: May 11, 2007 (last updated October 04, 2023)
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
0