Show filters

Showing topics marked with the following tags:

(1-10 of 142)

Sort by:
Attacker Value
Moderate

CVE-2019-7548

Disclosure Date: February 06, 2019 (last updated June 05, 2020)
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Attacker Value
High

CVE-2016-10225

Disclosure Date: March 27, 2017 (last updated July 30, 2020)
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Attacker Value
Very High

CVE-2018-8302

Disclosure Date: August 15, 2018 (last updated July 24, 2020)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
Attacker Value
Moderate

CVE-2020-10204

Disclosure Date: April 01, 2020 (last updated September 17, 2020)
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
Attacker Value
High

CVE-2020-3950

Disclosure Date: March 17, 2020 (last updated July 30, 2020)
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Attacker Value
Moderate

CVE-2018-13382

Disclosure Date: June 04, 2019 (last updated July 23, 2020)
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
Attacker Value
Moderate

CVE-2020-10245

Disclosure Date: March 26, 2020 (last updated June 05, 2020)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Attacker Value
Moderate

CVE-2020-8200

Disclosure Date: September 18, 2020 (last updated October 07, 2020)
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Attacker Value
Very High

CVE-2020-14511

Disclosure Date: July 15, 2020 (last updated July 31, 2020)
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
Attacker Value
Very High

CVE-2020-1337

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.