Topics

Attacker Value
High

CVE-2020-1313

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.
Attack Vector: Local; Privileges: None; User Interaction: Required
1
Attacker Value
Very High

CVE-2020-1472 aka Zerologon

Last updated September 18, 2020
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Attack Vector: Network; Privileges: None; User Interaction: None
16
Attacker Value
Very High

CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug

Disclosure Date: February 11, 2020 (last updated September 18, 2020)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Attack Vector: Network; Privileges: Low; User Interaction: None
3
Attacker Value
Moderate

CVE-2020-5929

Last updated June 05, 2020
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
2
Attacker Value
Very Low

CVE-2020-13668

Last updated September 17, 2020
Drupal 8 and 9 have a reflected cross-site scripting (XSS) vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
1
Attacker Value
Very High

CVE-2019-18393

Disclosure Date: October 24, 2019 (last updated August 28, 2020)
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Attack Vector: Network; Privileges: None; User Interaction: None
3
Attacker Value
Very High

CVE-2020-1337

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
Attack Vector: Local; Privileges: Low; User Interaction: None
4
Attacker Value
Very High

CVE-2020-4521

Disclosure Date: September 14, 2020 (last updated September 16, 2020)
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
Attack Vector: Network; Privileges: Low; User Interaction: None
2
Attacker Value
Very Low

CVE-2020-17382

Last updated August 07, 2020
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
Attacker Value
Moderate

CVE-2020-8200

Disclosure Date: September 18, 2020 (last updated September 19, 2020)
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
2