Attacker Value
Moderate

CVE-2018-13382

Disclosure Date: June 04, 2019 (last updated July 23, 2020)
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
Attack Vector: Network | Privileges: None | User Interaction: None
Attacker Value
Moderate

CVE-2020-8091

Disclosure Date: January 27, 2020 (last updated June 05, 2020)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Attack Vector: Network | Privileges: None | User Interaction: Required
Attacker Value
Very High

CVE-2020-10189

Disclosure Date: March 06, 2020 (last updated July 30, 2020)
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Attack Vector: Network | Privileges: None | User Interaction: None
Attacker Value
Moderate

CVE-2019-19193

Disclosure Date: February 10, 2020 (last updated June 05, 2020)
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
Attack Vector: Adjacent Network | Privileges: None | User Interaction: None
Attacker Value
Very High

CVE-2020-7961

Disclosure Date: March 20, 2020 (last updated July 30, 2020)
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
Attack Vector: Network | Privileges: None | User Interaction: None
Attacker Value
Low

CVE-2020-12695 "CallStranger"

Disclosure Date: June 08, 2020 (last updated July 20, 2020)
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Attack Vector: Network | Privileges: None | User Interaction: None
Attacker Value
Moderate

CVE-2018-8174

Disclosure Date: May 09, 2018 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Attack Vector: Network | Privileges: None | User Interaction: Required
Attacker Value
Low

CVE-2020-13160

Disclosure Date: June 09, 2020 (last updated July 30, 2020)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Attack Vector: Network | Privileges: None | User Interaction: None
Attacker Value
High

CVE-2020-11100

Disclosure Date: April 02, 2020 (last updated June 05, 2020)
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Attack Vector: Network | Privileges: Low | User Interaction: None
Attacker Value
Moderate

CVE-2020-8467

Last updated April 14, 2020
Remote code execution vulnerability against Trend Micro Apex One (2019) and OfficeScan XG