Showing topics marked with the following tags:

(10 of 19)

Sort by:
Attacker Value
Very High

CVE-2019-5596

Disclosure Date: February 12, 2019 (last updated March 10, 2020)
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
Attack Vector: Local
0
Attacker Value
High

CVE-2019-9627

Disclosure Date: March 08, 2019 (last updated March 10, 2020)
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
Attack Vector: Local
0
Attacker Value
Moderate

CVE-2019-10692

Disclosure Date: April 02, 2019 (last updated June 02, 2020)
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
Attack Vector: Network
0
Attacker Value
Low

CVE-2020-5260

Disclosure Date: April 14, 2020 (last updated May 07, 2020)
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.
Attack Vector: Network
1
Attacker Value
Moderate

CVE-2018-13382

Disclosure Date: June 04, 2019 (last updated March 10, 2020)
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
Attack Vector: Network
0
Attacker Value
High

CVE-2007-2617

Disclosure Date: May 11, 2007 (last updated June 02, 2020)
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
0
Attacker Value
High

Liferay CE 6.0.2 Java Deserialization

Last updated March 02, 2020
Liferay CE 6.0.2 remote code execution via unsafe deserialization
Utility Class: RCE
0
Attacker Value
Low

CVE-2020-0605

Disclosure Date: January 14, 2020 (last updated March 10, 2020)
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
Attack Vector: Network
0
Attacker Value
Very High

CVE-2019-16097

Disclosure Date: September 08, 2019 (last updated March 10, 2020)
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
Attack Vector: Network
0
Attacker Value
High

CVE-2020-11100

Disclosure Date: April 02, 2020 (last updated May 12, 2020)
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Attack Vector: Network
0