Show filters
86 topics marked with the following tags:
Displaying 1-10 of 86
Sort by:
Attacker Value
Very Low

CVE-2020-1425 - Windows Codecs Library RCE

Last updated July 03, 2020
A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020. The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file.
4
Attacker Value
Very High

CVE-2023-5009

Last updated September 19, 2023
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.
1
Attacker Value
Low

CVE-2023-34152

Last updated May 30, 2023
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
1
Attacker Value
Very High

CVE-2019-5596

Disclosure Date: February 12, 2019 (last updated July 24, 2020)
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.
Attacker Value
High

CVE-2022-21857

Last updated February 08, 2022
Active Directory Domain Services Elevation of Privilege Vulnerability.
1
Attacker Value
Very Low

CVE-2019-11771

Disclosure Date: July 17, 2019 (last updated July 24, 2020)
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Attacker Value
Low

CVE-2020-14942

Disclosure Date: June 21, 2020 (last updated June 27, 2020)
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
Attacker Value
High

CVE-2023-25690

Last updated May 24, 2023
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
8
Attacker Value
Low

CVE-2020-7208

Disclosure Date: February 13, 2020 (last updated July 24, 2020)
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
Attacker Value
Very Low

CVE-2019-11773

Disclosure Date: September 12, 2019 (last updated October 29, 2021)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.