Show filters
100 topics marked with the following tags:
Displaying 1-10 of 100
Sort by:
Attacker Value
Low
CVE-2023-34152
Disclosure Date: May 30, 2023 (last updated October 08, 2023)
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
2
Attacker Value
Very High
CVE-2023-5009
Disclosure Date: September 19, 2023 (last updated October 08, 2023)
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.
2
Attacker Value
Very Low
CVE-2020-1425 - Windows Codecs Library RCE
Last updated July 03, 2020
A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020.
The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file.
5
Attacker Value
Low
CVE-2020-7208
Disclosure Date: February 13, 2020 (last updated October 06, 2023)
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
0
Attacker Value
Very High
CVE-2019-5596
Disclosure Date: February 12, 2019 (last updated October 06, 2023)
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
0
Attacker Value
Very High
CVE-2023-47218
Disclosure Date: February 13, 2024 (last updated February 13, 2024)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
3
Attacker Value
High
CVE-2022-21857
Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Active Directory Domain Services Elevation of Privilege Vulnerability
1
Attacker Value
Very Low
CVE-2019-11771
Disclosure Date: July 17, 2019 (last updated October 06, 2023)
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
1
Attacker Value
Very Low
CVE-2019-11773
Disclosure Date: September 12, 2019 (last updated October 06, 2023)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
1
Attacker Value
Moderate
CVE-2020-28948
Disclosure Date: November 19, 2020 (last updated November 08, 2023)
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
3