Show filters
464 topics marked with the following tags:
Displaying 11-20 of 464
Sort by:
Attacker Value
High
CVE-2021-26897
Disclosure Date: March 11, 2021 (last updated December 30, 2023)
Windows DNS Server Remote Code Execution Vulnerability
5
Attacker Value
Very Low
CVE-2019-9169
Disclosure Date: February 26, 2019 (last updated November 08, 2023)
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
0
Attacker Value
Moderate
CVE-2020-8091
Disclosure Date: January 27, 2020 (last updated October 06, 2023)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
1
Attacker Value
High
CVE-2020-2555
Disclosure Date: January 15, 2020 (last updated October 06, 2023)
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3
Attacker Value
Very High
CVE-2020-15506
Disclosure Date: July 07, 2020 (last updated October 07, 2023)
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
1
Attacker Value
Very High
CVE-2020-16875
Disclosure Date: September 11, 2020 (last updated January 01, 2024)
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p>
<p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
4
Attacker Value
Moderate
CVE-2020-10740
Disclosure Date: June 22, 2020 (last updated November 08, 2023)
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
1
Attacker Value
Very Low
CVE-2020-28198
Disclosure Date: May 06, 2021 (last updated November 08, 2023)
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
1
Attacker Value
Low
CVE-2020-15408
Disclosure Date: July 28, 2020 (last updated October 07, 2023)
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
0
Attacker Value
Low
CVE-2020-0543 CROSSTALK
Disclosure Date: June 15, 2020 (last updated July 24, 2020)
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1
