Topics

Attacker Value
Low

CVE-2016-7103

Disclosure Date: March 15, 2017 (last updated September 02, 2020)
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Attacker Value
High

CVE-2021-1732

Disclosure Date: February 25, 2021 (last updated March 04, 2021)
Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1698.
Attacker Value
Moderate

CVE-2021-22652

Disclosure Date: February 11, 2021 (last updated February 18, 2021)
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
Attacker Value
High

CVE-2021-25646

Disclosure Date: January 29, 2021 (last updated February 02, 2021)
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Attacker Value
Moderate

CVE-2021-1237

Disclosure Date: January 13, 2021 (last updated January 20, 2021)
A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges.
Attacker Value
High

CVE-2020-2555

Disclosure Date: January 15, 2020 (last updated January 20, 2021)
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Attacker Value
Very High

CVE-2021-3156 "Baron Samedit"

Disclosure Date: January 26, 2021 (last updated February 05, 2021)
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Attacker Value
Very High

Webmin password_change.cgi Command Injection

Disclosure Date: August 16, 2019 (last updated February 28, 2020)
An issue was discovered in Webmin through 1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Attacker Value
Very High
Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products. The impacted products are:
* Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance
Attacker Value
Unknown

CVE-2021-21148

Disclosure Date: February 09, 2021 (last updated February 13, 2021)
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.