Topics

Sort by:
Attacker Value
Very High

CVE-2020-5902

Last updated July 01, 2020
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
2
Attacker Value
Low

Ripple20 Treck TCP/IP Stack Vulnerabilities

Last updated June 18, 2020
Treck IP stack implementations for embedded systems are [affected by multiple vulnerabilities](https://kb.cert.org/vuls/id/257161). This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A [summary of JSOF’s research is here](https://www.jsof-tech.com/ripple20/#ripple-whitepaper), along with a [technical whitepaper](https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf). See the [Rapid7 Analysis tab](https://attackerkb.com/topics/EZhbaWNnwV/ripple20-treck-tcp-ip-stack-vulnerabilities?#rapid7-analysis) for further details.
Utility Class: RCE
7
Attacker Value
Very High

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication

Disclosure Date: June 29, 2020 (last updated June 30, 2020)
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability.
Utility Class: Other
4
Attacker Value
Unknown
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." !
0
Attacker Value
Moderate

CVE-2020-1170

Disclosure Date: June 09, 2020 (last updated June 13, 2020)
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.
Attack Vector: Local
1
Attacker Value
High

Laravel Framework Unserialize Token RCE (CVE-2018-15133)

Disclosure Date: August 09, 2018 (last updated February 13, 2020)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Utility Class: RCE
1
Attacker Value
High

CVE-2020-7357

Last updated June 30, 2020
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
0
Attacker Value
Very High

CVE-2020-10644

Disclosure Date: June 09, 2020 (last updated June 30, 2020)
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attack Vector: Network
0
Attacker Value
Moderate

CVE-2020-12004

Disclosure Date: June 09, 2020 (last updated June 30, 2020)
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attack Vector: Network
0
Attacker Value
High

CVE-2020-3153

Disclosure Date: February 20, 2020 (last updated June 30, 2020)
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Attack Vector: Local
0