Show filters
477 topics marked with the following tags:
Displaying 1-10 of 477
Sort by:
Attacker Value
Moderate

CVE-2020-3158

Disclosure Date: February 20, 2020 (last updated October 06, 2023)
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.
Attacker Value
Moderate

CVE-2019-7548

Disclosure Date: February 06, 2019 (last updated October 06, 2023)
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Attacker Value
Moderate

CVE-2023-20178

Disclosure Date: June 07, 2023 (last updated January 25, 2024)
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
Attacker Value
High

CVE-2016-10225

Disclosure Date: March 27, 2017 (last updated October 05, 2023)
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Attacker Value
Moderate

CVE-2020-10245

Disclosure Date: March 26, 2020 (last updated October 06, 2023)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Attacker Value
Very Low

CVE-2019-11773

Disclosure Date: September 12, 2019 (last updated October 06, 2023)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Attacker Value
Very Low

CVE-2018-1890

Disclosure Date: March 11, 2019 (last updated October 06, 2023)
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
Attacker Value
High

CVE-2021-42593

Last updated October 18, 2021
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
Attacker Value
Low

CVE-2020-14942

Disclosure Date: June 21, 2020 (last updated October 06, 2023)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
Attacker Value
Low

CVE-2024-20328

Disclosure Date: March 01, 2024 (last updated March 02, 2024)
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2