Show filters
499 topics marked with the following tags:
Displaying 1-10 of 499
Sort by:
Attacker Value
Low

CVE-2019-17240

Disclosure Date: October 06, 2019 (last updated October 06, 2023)
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Attacker Value
Low

CVE-2020-8819

Disclosure Date: February 25, 2020 (last updated October 06, 2023)
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Attacker Value
Low

CVE-2020-8818

Disclosure Date: February 25, 2020 (last updated October 06, 2023)
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Attacker Value
High

CVE-2020-9850

Disclosure Date: June 09, 2020 (last updated October 06, 2023)
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
Attacker Value
Moderate

CVE-2020-10799

Disclosure Date: March 20, 2020 (last updated October 06, 2023)
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
Attacker Value
Very High

CVE-2019-1414

Disclosure Date: January 24, 2020 (last updated October 06, 2023)
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
Attacker Value
Low

CVE-2023-24488

Disclosure Date: July 10, 2023 (last updated November 08, 2023)
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting
Attacker Value
Moderate

CVE-2020-5252

Disclosure Date: March 23, 2020 (last updated October 06, 2023)
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, cl…
Attacker Value
Very Low

CVE-2020-9266

Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Attacker Value
Very Low

CVE-2019-9848

Disclosure Date: July 17, 2019 (last updated November 08, 2023)
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.