Topics

Sort by:
Attacker Value
Very High

CVE-2017-8759

Disclosure Date: September 13, 2017 (last updated July 27, 2021)
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Attacker Value
Very High

CVE-2015-1641

Disclosure Date: April 14, 2015 (last updated July 27, 2021)
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
0
Attacker Value
Unknown

CVE-2014-6324 - Microsoft Kerberos Checksum Validation Vulnerability

Disclosure Date: November 18, 2014 (last updated July 27, 2021)
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
0
Attacker Value
High

CVE-2021-33909

Disclosure Date: July 20, 2021 (last updated July 21, 2021)
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
3
Attacker Value
Very High

CVE-2021-35211

Disclosure Date: July 13, 2021 (last updated July 27, 2021)
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
Attacker Value
Moderate

CVE-2021-35501

Disclosure Date: June 25, 2021 (last updated July 02, 2021)
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
Attacker Value
Very High

Webmin password_change.cgi Command Injection

Disclosure Date: August 16, 2019 (last updated February 28, 2020)
An issue was discovered in Webmin through 1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
26
Attacker Value
Unknown

CVE-2021-35479

Last updated June 24, 2021
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
Attacker Value
Unknown

CVE-2020-36239

Disclosure Date: July 21, 2021 (last updated July 29, 2021)
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcach…
1
Attacker Value
Very High

CVE-2021-34527 "PrintNightmare"

Disclosure Date: July 02, 2021 (last updated July 14, 2021)
Windows Print Spooler Remote Code Execution Vulnerability