Show filters

Showing topics marked with the following tags:

(1-10 of 24)

Sort by:
Attacker Value
Low

CVE-2019-18634

Disclosure Date: January 29, 2020 (last updated June 05, 2020)
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Attack Vector: Local Privileges: Low User Interaction: None
0
Attacker Value
Very Low

CVE-2020-1425 - Windows Codecs Library RCE

Last updated July 03, 2020
A remote code execution in Windows Codecs Library has been fixed by Microsoft with out-of-band patch on 30th June 2020. The vulnerability allows attacker to remotely execute arbitrary code, if the victim opens maliciously crafted media file.
4
Attacker Value
Low

CVE-2020-0605

Disclosure Date: January 14, 2020 (last updated July 24, 2020)
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
Attack Vector: Network Privileges: None User Interaction: Required
0
Attacker Value
High

CVE-2007-2617

Disclosure Date: May 11, 2007 (last updated July 30, 2020)
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
0
Attacker Value
Moderate

CVE-2020-0662

Disclosure Date: February 11, 2020 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
Attack Vector: Network Privileges: Low User Interaction: None
0
Attacker Value
High

CVE-2018-10933

Last updated March 13, 2020
## Description libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials. ## Patch Availability Patches addressing the issue have been posted to: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/ libssh version 0.8.4 and libssh 0.7.6 have been released to address this issue. ## Workaround There is no workaround for this issue. ## Credit The bug was discovered by Peter Winter-Smith of NCC Group. Patches are provided by the Anderson Toshiyuki Sasaki of Red Hat and the libssh team.
0
Attacker Value
High

Liferay CE 6.0.2 Java Deserialization

Last updated March 02, 2020
Liferay CE 6.0.2 remote code execution via unsafe deserialization
0
Attacker Value
Low

CVE-2020-7208

Disclosure Date: February 13, 2020 (last updated July 24, 2020)
LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.
Attack Vector: Network Privileges: None User Interaction: Required
0
Attacker Value
Moderate

CVE-2020-9484 — PersistentManager Java deserialization vulnerability

Disclosure Date: May 20, 2020 (last updated July 24, 2020)
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
Attack Vector: Local Privileges: Low User Interaction: None
0
Attacker Value
Moderate

CVE-2018-13382

Disclosure Date: June 04, 2019 (last updated July 23, 2020)
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
Attack Vector: Network Privileges: None User Interaction: None
0