Show filters

Showing topic results for "":

(11-20 of 18391)

Sort by:
Attacker Value
Very High

CVE-2020-8195

Disclosure Date: July 10, 2020 (last updated July 24, 2020)
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Attacker Value
Low

CVE-2020-17382

Disclosure Date: October 02, 2020 (last updated October 10, 2020)
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
Attacker Value
Very High

CVE-2020-8196

Disclosure Date: July 10, 2020 (last updated July 24, 2020)
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Attacker Value
High

CVE-2020-3153

Disclosure Date: February 20, 2020 (last updated October 07, 2020)
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Attacker Value
High

CVE-2019-1458

Disclosure Date: December 10, 2019 (last updated July 24, 2020)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Attacker Value
Very High

Bludit 3.9.2 remote code execution

Disclosure Date: September 08, 2019 (last updated July 30, 2020)
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
Attacker Value
Moderate

CVE-2020-8200

Disclosure Date: September 18, 2020 (last updated October 07, 2020)
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
Attacker Value
Moderate

CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.
Attacker Value
High

CVE-2020-9337

Disclosure Date: February 26, 2020 (last updated June 05, 2020)
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
Attacker Value
Very High

CVE-2020-4521

Disclosure Date: September 14, 2020 (last updated September 16, 2020)
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.