Show filters
54,677 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very High

K03009991: iControl REST unauthenticated remote command execution vulnerability…

Disclosure Date: March 31, 2021 (last updated April 06, 2021)
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Attacker Value
Very High

CVE-2020-11651

Disclosure Date: April 30, 2020 (last updated August 28, 2020)
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Attacker Value
Very High

VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-219…

Disclosure Date: February 24, 2021 (last updated April 05, 2021)
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Attacker Value
Very High

CVE-2020-14882 — Unauthenticated RCE in Console component of Oracle WebLogic Se…

Disclosure Date: October 21, 2020 (last updated December 28, 2020)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Attacker Value
High

CVE-2020-0796 - SMBGhost

Disclosure Date: March 12, 2020 (last updated September 02, 2020)
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
Attacker Value
High

CVE-2021-31166

Disclosure Date: May 11, 2021 (last updated May 23, 2021)
HTTP Protocol Stack Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2020-13379

Disclosure Date: June 03, 2020 (last updated August 03, 2020)
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
Attacker Value
Very High

CVE-2018-13379 Path Traversal in Fortinet FortiOS

Disclosure Date: June 04, 2019 (last updated July 26, 2021)
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
Attacker Value
Very High

CVE-2020-15999 Chrome Freetype 0day

Disclosure Date: November 03, 2020 (last updated November 05, 2020)
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Very High

CVE-2020-15505

Disclosure Date: July 07, 2020 (last updated January 06, 2021)
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.