Topics

Sort by:
Attacker Value
Very High

CVE-2020-5902 — TMUI RCE vulnerability

Disclosure Date: July 01, 2020 (last updated December 21, 2020)
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
14
8
Attacker Value
Unknown

CVE-2021-31474

Disclosure Date: May 21, 2021 (last updated May 27, 2021)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
High

CVE-2021-31181

Disclosure Date: May 11, 2021 (last updated May 18, 2021)
Microsoft SharePoint Remote Code Execution Vulnerability
Attack Vector: NetworkPrivileges: LowUser Interaction: None
3
1
Attacker Value
Very High

CVE-2021-21985

Disclosure Date: May 26, 2021 (last updated June 04, 2021)
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
12
2
Attacker Value
Unknown

CVE-2021-31199

Disclosure Date: June 08, 2021 (last updated June 09, 2021)
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31201.
1
1
Attacker Value
Unknown

CVE-2021-31201

Disclosure Date: June 08, 2021 (last updated June 11, 2021)
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31199.
Attack Vector: LocalPrivileges: LowUser Interaction: None
1
1
Attacker Value
Very High

Insecure RDP

Last updated October 09, 2020
There are active attack campaigns as of October 2020 targeting RDP servers without multi-factor authentication enabled.
7
1
Attacker Value
Very High

CVE-2021-21975

Disclosure Date: March 31, 2021 (last updated June 05, 2021)
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
5
1
Attacker Value
High

CVE-2021-28550

Last updated March 16, 2021
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
1
Attacker Value
High

CVE-2021-28482

Disclosure Date: April 13, 2021 (last updated April 15, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
3
1
View More Topics  Next >

Featured

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java
Very High Attacker Value  |  2 Assessments
Insecure RDP
Very High Attacker Value  |  1 Assessments
CVE-2021-31166
Moderate Attacker Value  |  2 Assessments
VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-21972
Very High Attacker Value  |  2 Assessments
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
Very High Attacker Value  |  1 Assessments
CVE-2021-21985
Very High Attacker Value  |  2 Assessments
Multiple Microsoft Exchange zero-day vulnerabilities - HAFNIUM campaign
Very High Attacker Value  |  1 Assessments
CVE-2021-26855
Very High Attacker Value  |  2 Assessments
SonicWall SMA 100 Series 10.x Firmware Zero-Day Vulnerability
Very High Attacker Value  |  1 Assessments
Multiple vulnerabilities in HP Device Manager
Very High Attacker Value  |  1 Assessments

Most Upvoted

Windows Remote Desktop (RDP) Use-after-free vulnerablility, "Bluekeep"
Very High Attacker Value  |  12 Assessments
CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug
Very High Attacker Value  |  10 Assessments
CVE-2020-1472 aka Zerologon
Very High Attacker Value  |  6 Assessments
CVE-2020-0796 - SMBGhost
High Attacker Value  |  5 Assessments
DejaBlue, RDP Heap Overflow
Very High Attacker Value  |  7 Assessments
Webmin password_change.cgi Command Injection
Very High Attacker Value  |  9 Assessments
CVE-2020-3952 - VMware vCenter Server vmdir Information Disclosure
Very High Attacker Value  |  4 Assessments
CVE-2020-16898 aka Bad Neighbor / Ping of Death Redux
High Attacker Value  |  6 Assessments
CVE-2020-5902 — TMUI RCE vulnerability
Very High Attacker Value  |  8 Assessments
CVE-2020-11651
Very High Attacker Value  |  4 Assessments