Attacker Value
Very Low
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
Attacker Value
Moderate

CVE-2021-26236

Disclosure Date: March 18, 2021 (last updated October 07, 2023)
FastStone Image Viewer versions 7.5 and earlier are affected by a stack-based buffer overflow at 0x005BDF49 in the CUR file parsing functionality (BITMAPINFOHEADER structure, 'BitCount' file format field) that ends up corrupting the Structured Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed or specially crafted CUR file.
Attacker Value
High

CVE-2020-27955 — Git Large File Storage / Git LFS (git-lfs) - Remote Code Execu…

Disclosure Date: November 05, 2020 (last updated October 07, 2023)
Git LFS 2.12.0 allows Remote Code Execution.
Attacker Value
High

CVE-2020-9337

Disclosure Date: February 26, 2020 (last updated October 06, 2023)
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
Attacker Value
Very Low

CVE-2020-13668

Disclosure Date: February 11, 2022 (last updated October 07, 2023)
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.
Attacker Value
Moderate

CVE-2021-26419

Disclosure Date: May 11, 2021 (last updated October 07, 2023)
Scripting Engine Memory Corruption Vulnerability
Attacker Value
Very Low

CVE-2020-15466

Disclosure Date: July 05, 2020 (last updated November 08, 2023)
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
Attacker Value
Very Low

CVE-2020-9266

Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
Attacker Value
Very Low

CVE-2019-9848

Disclosure Date: July 17, 2019 (last updated November 08, 2023)
LibreOffice has a feature where documents can specify that pre-installed scripts be executed on various document events, such as mouse-over. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary Python commands. By using the document event feature to trigger LibreLogo to execute Python contained within a document, a malicious document could be constructed that would execute arbitrary Python commands silently, without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
Attacker Value
High

CVE-2023-28284

Disclosure Date: April 11, 2023 (last updated October 08, 2023)
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability