Topics

Sort by:
Attacker Value
Very High
Security vulnerabilities in HPE Intelligent Management Center (IMC) PLAT prior to 7.3 (E0705P07) could allow remote code execution.
1
Attacker Value
Very High

CVE-2020-16898 aka Bad Neighbor / Ping of Death Redux

Disclosure Date: October 16, 2020 (last updated October 28, 2020)
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability'.
Attacker Value
High

CVE-2019-11539

Disclosure Date: April 26, 2019 (last updated July 30, 2020)
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
Attacker Value
Very High

CVE-2020-8195

Disclosure Date: July 10, 2020 (last updated July 24, 2020)
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Attacker Value
Very High

CVE-2020-8196

Disclosure Date: July 10, 2020 (last updated July 24, 2020)
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Attacker Value
Very High

Webmin password_change.cgi Command Injection

Disclosure Date: August 16, 2019 (last updated February 28, 2020)
An issue was discovered in Webmin through 1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
14
Attacker Value
Very High

CVE-2018-4878

Disclosure Date: February 06, 2018 (last updated July 24, 2020)
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
Attacker Value
High

CVE-2020-3118 (AKA: CDPwn)

Disclosure Date: February 05, 2020 (last updated July 24, 2020)
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Attacker Value
Very High

CVE-2020-0601, aka NSACrypt

Disclosure Date: January 14, 2020 (last updated July 24, 2020)
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Attacker Value
Very High

CVE-2020-15999 Chrome Freetype 0day

Last updated October 21, 2020
CVE-2020-15999 is a zero-day heap buffer overflow [vulnerability in Google Chrome's implementation of FreeType](https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html), a popular font rendering library. The Google Project Zero team disclosed the vulnerability and released a patch on October 20, 2020, with a warning that the bug is being [actively exploited in the wild](https://twitter.com/benhawkes/status/1318640422571266048).
7