Show filters
264 topics marked with the following tags:
Displaying 1-10 of 264
Sort by:
Attacker Value
High

CVE-2016-10225

Disclosure Date: March 27, 2017 (last updated April 22, 2021)
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Attacker Value
Moderate

CVE-2019-7548

Disclosure Date: February 06, 2019 (last updated June 05, 2020)
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Attacker Value
Moderate

CVE-2020-3158

Disclosure Date: February 20, 2020 (last updated July 24, 2020)
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.
Attacker Value
Very Low

CVE-2019-11773

Disclosure Date: September 12, 2019 (last updated July 24, 2020)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Attacker Value
High

CVE-2020-3950

Disclosure Date: March 17, 2020 (last updated July 30, 2020)
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Attacker Value
Moderate

CVE-2018-13382

Disclosure Date: June 04, 2019 (last updated June 03, 2021)
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests
Attacker Value
Moderate

CVE-2020-10204

Disclosure Date: April 01, 2020 (last updated September 17, 2020)
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
Attacker Value
Very High

CVE-2018-8302

Disclosure Date: August 15, 2018 (last updated July 24, 2020)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
Attacker Value
Low

CVE-2020-14942

Disclosure Date: June 21, 2020 (last updated June 27, 2020)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
Attacker Value
Moderate

CVE-2020-8644

Disclosure Date: February 05, 2020 (last updated July 30, 2020)
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.