348 topics marked with the following tags:
Attacker Value
High

CVE-2020-9850

Disclosure Date: June 09, 2020 (last updated October 07, 2020)
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
Attacker Value
Moderate

CVE-2020-10799

Disclosure Date: March 20, 2020 (last updated June 05, 2020)
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
Attacker Value
Low

CVE-2019-17240

Disclosure Date: October 06, 2019 (last updated September 02, 2020)
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Attacker Value
Low

CVE-2020-8819

Disclosure Date: February 25, 2020 (last updated June 05, 2020)
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Attacker Value
Low

CVE-2020-8818

Disclosure Date: February 25, 2020 (last updated June 05, 2020)
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Attacker Value
Very High

CVE-2019-1414

Disclosure Date: January 24, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
Attacker Value
High

CVE-2016-10225

Disclosure Date: March 27, 2017 (last updated April 22, 2021)
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Attacker Value
High

CVE-2007-2617

Disclosure Date: May 11, 2007 (last updated July 30, 2020)
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
Attacker Value
High

CVE-2017-5689

Disclosure Date: May 02, 2017 (last updated July 30, 2020)
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Attacker Value
High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated November 13, 2020)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.