Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:42 p.m.10 views

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

9.3CVSS7AI score0.00889EPSS
Exploits1
NVD
NVD
added 2021/04/09 6:15 p.m.25 views

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

9.3CVSS0.00889EPSS
Exploits1References1
Prion
Prion
added 2021/04/09 6:15 p.m.19 views

Privilege escalation

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

6.8CVSS7.7AI score0.00889EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/09 5:50 p.m.31 views

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

9.3CVSS7.8AI score0.00889EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/01/21 3:22 a.m.5 views

jackson-databind: Serialization gadgets in classes of the xalan package

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.03958EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2005/07/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects...

5CVSS6.1AI score0.61372EPSS
Exploits4References1
Rows per page
Query Builder