Show filters
496 topics marked with the following tags:
Displaying 11-20 of 496
Sort by:
Attacker Value
Very High
CVE-2020-4521
Disclosure Date: September 14, 2020 (last updated October 07, 2023)
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
1
Attacker Value
High
CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
1
Attacker Value
Very Low
CVE-2019-9169
Disclosure Date: February 26, 2019 (last updated November 08, 2023)
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
0
Attacker Value
Moderate
CVE-2020-8091
Disclosure Date: January 27, 2020 (last updated October 06, 2023)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
1
Attacker Value
Very High
CVE-2020-15506
Disclosure Date: July 07, 2020 (last updated October 07, 2023)
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
1
Attacker Value
Moderate
CVE-2024-43044
Disclosure Date: August 07, 2024 (last updated August 17, 2024)
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.
1
Attacker Value
Very High
CVE-2020-16875
Disclosure Date: September 11, 2020 (last updated January 01, 2024)
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p>
<p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
4
Attacker Value
High
CVE-2020-2555
Disclosure Date: January 15, 2020 (last updated October 03, 2024)
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3
Attacker Value
Very Low
CVE-2020-28198
Disclosure Date: May 06, 2021 (last updated November 08, 2023)
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
1
Attacker Value
Moderate
CVE-2020-10740
Disclosure Date: June 22, 2020 (last updated November 08, 2023)
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
1