Topics

Sort by:
Attacker Value
Very Low

CVE-2020-14932

Disclosure Date: June 20, 2020 (last updated June 27, 2020)
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.
Attack Vector: Network
0
Attacker Value
Very Low

CVE-2020-14933

Disclosure Date: June 20, 2020 (last updated June 27, 2020)
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.
Attack Vector: Network
0
Attacker Value
Low

CVE-2020-13160

Disclosure Date: June 09, 2020 (last updated July 03, 2020)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Attack Vector: Network
0
Attacker Value
Very High

CVE-2020-7356

Last updated June 30, 2020
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
0
Attacker Value
Very Low

CVE-2019-9169

Disclosure Date: February 26, 2019 (last updated June 13, 2020)
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Attack Vector: Network
0
Attacker Value
Low

CVE-2020-0543 CROSSTALK

Disclosure Date: June 15, 2020 (last updated June 26, 2020)
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Attack Vector: Local
1
Attacker Value
Low

Webmin 1.900 Upload Execution

Disclosure Date: March 07, 2019 (last updated June 15, 2020)
Webmin 1.900 allows authenticated users with "Upload and Download" module access to upload cgi files to a webroot subdirectory and the uploaded files can be executed by sending requests to the web server.
Utility Class: Shell
0
Attacker Value
High

CVE-2020-0796 - SMBGhost

Last updated April 21, 2020
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
Utility Class: RCE
1
Attacker Value
Low

CVE-2020-1241

Disclosure Date: June 09, 2020 (last updated June 15, 2020)
A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.
Attack Vector: Local
1
Attacker Value
Very High

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability

Disclosure Date: April 27, 2020 (last updated June 05, 2020)
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)
Attack Vector: Network
2