CVE-2020-13651

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-829
View all →

Vulnerability Description

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer.

Related Vulnerabilities

CVE-2021-33626

HIGH
CVSS:7.8(High)

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). Thi...

CWE-8292021

CVE-2021-34398

HIGH
CVSS:7.8(High)

NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead ...

CWE-8292021

CVE-2021-34692

HIGH
CVSS:7.8(High)

iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.

CWE-8292021

CVE-2022-24232

HIGH
CVSS:7.8(High)

A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CWE-8292022

CVE-2022-25485

HIGH
CVSS:7.8(High)

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.

CWE-8292022

CVE-2022-25486

HIGH
CVSS:7.8(High)

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.

CWE-8292022