Topics

Sort by:
Attacker Value
Low

CVE-2020-25078

Disclosure Date: September 02, 2020 (last updated September 12, 2020)
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
Attacker Value
Moderate

CVE-2021-25281

Disclosure Date: February 27, 2021 (last updated February 28, 2021)
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
2
Attacker Value
Moderate

CVE-2021-21978

Disclosure Date: March 03, 2021 (last updated March 04, 2021)
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
1
Attacker Value
Very High
Microsoft disclosed four actively exploited zero-day vulnerabilities being used to attack on-premises versions of Microsoft Exchange Server. The vulnerabilities identified are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, all of which affect Microsoft Exchange Server. Exchange Online is not affected. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
4
Attacker Value
Very High

CVE-2021-26857

Disclosure Date: March 03, 2021 (last updated March 03, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
2
Attacker Value
Moderate

CVE-2017-5715

Disclosure Date: January 04, 2018 (last updated July 23, 2020)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Attacker Value
Very High

CVE-2021-27101

Disclosure Date: February 16, 2021 (last updated February 18, 2021)
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.
Attacker Value
Very High

CVE-2021-24085

Disclosure Date: February 25, 2021 (last updated March 03, 2021)
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730.
4
Attacker Value
Very High

VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-219…

Disclosure Date: February 24, 2021 (last updated March 02, 2021)
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
9
Attacker Value
Very High

CVE-2020-1472 aka Zerologon

Disclosure Date: August 17, 2020 (last updated November 18, 2020)
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.