Show filters
73 topics marked with the following tags:
Displaying 1-10 of 73
Sort by:
Attacker Value
Very Low
CVE-2020-1425 - Windows Codecs Library RCE
Last updated July 03, 2020
A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020.
The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file.
4
Attacker Value
Very High
CVE-2019-5596
Disclosure Date: February 12, 2019 (last updated July 24, 2020)
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
0
Attacker Value
High
CVE-2022-21857
Last updated February 08, 2022
Active Directory Domain Services Elevation of Privilege Vulnerability.
1
Attacker Value
Very Low
CVE-2019-11771
Disclosure Date: July 17, 2019 (last updated July 24, 2020)
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
1
Attacker Value
Low
CVE-2020-7208
Disclosure Date: February 13, 2020 (last updated July 24, 2020)
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
0
Attacker Value
Very Low
CVE-2019-11773
Disclosure Date: September 12, 2019 (last updated October 29, 2021)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
1
Attacker Value
Moderate
CVE-2020-28948
Disclosure Date: November 19, 2020 (last updated December 03, 2020)
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
2
Attacker Value
Low
CVE-2020-14942
Disclosure Date: June 21, 2020 (last updated June 27, 2020)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
0
Attacker Value
High
CVE-2007-2617
Disclosure Date: May 11, 2007 (last updated July 30, 2020)
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
0
Attacker Value
Very Low
CVE-2018-1890
Disclosure Date: March 11, 2019 (last updated July 24, 2020)
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
1