Show filters

Showing topic results for "":

(11-20 of 27052)

Maximum of 10,000 topics displayable. Please refine your search.
Sort by:
Attacker Value
Very High

CVE-2020-9496

Disclosure Date: July 15, 2020 (last updated August 28, 2020)
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Attacker Value
Low

ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows

Disclosure Date: April 15, 2020 (last updated September 02, 2020)
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
Attacker Value
Unknown

CVE-2021-21148

Disclosure Date: February 09, 2021 (last updated February 13, 2021)
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Unknown

CVE-2020-27930

Disclosure Date: December 08, 2020 (last updated December 10, 2020)
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
Attacker Value
Unknown

CVE-2020-3556

Disclosure Date: November 04, 2020 (last updated November 21, 2020)
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability.
Attacker Value
Unknown

CVE-2020-16009

Disclosure Date: November 03, 2020 (last updated November 13, 2020)
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
High

CVE-2020-1380

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.
Attacker Value
Moderate

CVE-2020-0674

Disclosure Date: February 11, 2020 (last updated September 11, 2020)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Attacker Value
High

Internet Explorer RCE through scripting engine memory corruption (IE 9, 10, 11)

Disclosure Date: November 12, 2019 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Attacker Value
Unknown

CVE-2020-16013

Disclosure Date: January 08, 2021 (last updated January 12, 2021)
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.