Show filters
305 topics marked with the following tags:
Displaying 11-20 of 305
Sort by:
Attacker Value
Moderate

CVE-2020-2040

Disclosure Date: September 09, 2020 (last updated September 16, 2020)
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
Attacker Value
Low

CVE-2020-13160

Disclosure Date: June 09, 2020 (last updated July 30, 2020)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Attacker Value
Very High

Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to vi…

Disclosure Date: January 15, 2020 (last updated July 24, 2020)
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
Attacker Value
Moderate

CVE-2019-20361

Disclosure Date: January 08, 2020 (last updated July 27, 2020)
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Attacker Value
Very High

CVE-2019-10149

Last updated May 28, 2020
Exim unauthenticated RCE with reports that it's been used by [Sandworm since August 2019](CVE-2019-10149)
2
Attacker Value
High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated November 13, 2020)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Attacker Value
Very High
Security researchers at Claroty [published details](https://www.claroty.com/2020/07/28/vpn-security-flaws/) on multiple pre-auth remote code execution vulnerabilities affecting virtual private network (VPN) implementations primarily used to provide remote access to operational technology (OT) networks. The vulnerabilities could allow unauthenticated attackers to execute arbitrary code. Individual CVEs referenced in Claroty's research include CVE-2020-14500, CVE-2020-14508, CVE-2020-14510, CVE-2020-14512, CVE-2020-14511, and CVE-2020-14498. Affected products include Secomea GateManager, Moxa EDR-G902/3 industrial VPN servers, and eWon by HMS Networks.
1
Attacker Value
Very High

SolarWinds Orion Platform Unauthenticated RCE (CVE-2021-25274)

Disclosure Date: February 03, 2021 (last updated February 09, 2021)
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
Attacker Value
Moderate

CVE-2021-22652

Disclosure Date: February 11, 2021 (last updated February 18, 2021)
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
Attacker Value
Moderate

CVE-2022-22963

Last updated April 01, 2022
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
4