Show filters
5,028 Total Results
Displaying 11-20 of 5,028
Sort by:
Attacker Value
Very High

CVE-2020-14144

Disclosure Date: October 16, 2020 (last updated November 09, 2020)
** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."
Attacker Value
Very High

CVE-2020-8243

Disclosure Date: September 30, 2020 (last updated October 08, 2020)
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
Attacker Value
Very High

CVE-2020-2038

Disclosure Date: September 09, 2020 (last updated September 16, 2020)
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
Attacker Value
Very High

CVE-2020-2037

Disclosure Date: September 09, 2020 (last updated September 16, 2020)
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
Attacker Value
Unknown

SolarWinds Orion Platform Reverse Tabnabbing and Open Redirect — CVE-2021-3109

Disclosure Date: March 26, 2021 (last updated March 30, 2021)
A Reverse Tabnabbing and Open Redirect vulnerability was found in the custom menu item options page by a security researcher. This vulnerability requires an Orion administrator account to exploit this.
Attacker Value
Unknown

SolarWinds Orion Platform Stored XSS in Customize view —CVE-2020-35856

Disclosure Date: March 26, 2021 (last updated March 30, 2021)
A stored XSS vulnerability was found in the add custom tab within customize view page by a security researcher. This vulnerability requires Orion administrator account to exploit this.
Attacker Value
Unknown

CVE-2021-1376

Disclosure Date: March 24, 2021 (last updated March 31, 2021)
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.
Attacker Value
Unknown

CVE-2020-26832

Disclosure Date: December 09, 2020 (last updated December 11, 2020)
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
Attacker Value
Unknown

CVE-2020-26808

Disclosure Date: November 10, 2020 (last updated November 24, 2020)
SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.
Attacker Value
High

CVE-2020-4428

Disclosure Date: April 21, 2020 (last updated July 30, 2020)
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.