Show filters
59 topics marked with the following tags:
Displaying 1-10 of 59
Sort by:
Attacker Value
Very Low
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
0
Attacker Value
Moderate

CVE-2021-26419

Disclosure Date: May 11, 2021 (last updated May 18, 2021)
Scripting Engine Memory Corruption Vulnerability
Attacker Value
Low

CVE-2020-7360

Disclosure Date: August 06, 2020 (last updated August 28, 2020)
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
2
Attacker Value
High

CVE-2020-9337

Disclosure Date: February 26, 2020 (last updated June 05, 2020)
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
Attacker Value
Very Low

CVE-2020-13668

Last updated September 17, 2020
Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
1
Attacker Value
Very Low

CVE-2019-9848

Disclosure Date: July 17, 2019 (last updated July 24, 2020)
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
Attacker Value
Very Low

CVE-2020-9266

Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Attacker Value
Low

CVE-2020-7350

Disclosure Date: April 16, 2020 (last updated July 30, 2020)
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.
Attacker Value
Very Low

CVE-2020-15466

Disclosure Date: July 05, 2020 (last updated August 28, 2020)
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
Attacker Value
Moderate

CVE-2020-0674

Disclosure Date: February 11, 2020 (last updated July 27, 2021)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.