Show filters
18 topics marked with the following tags:
Displaying 11-18 of 18
Sort by:
Attacker Value
Very High

CVE-2011-3192

Disclosure Date: August 29, 2011 (last updated July 30, 2020)
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
0
Attacker Value
Very High

CVE-2020-2037

Disclosure Date: September 09, 2020 (last updated September 16, 2020)
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
Attacker Value
Very High

CVE-2020-14144

Disclosure Date: October 16, 2020 (last updated November 09, 2020)
** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."
Attacker Value
Very High

CVE-2020-8218

Disclosure Date: July 30, 2020 (last updated September 01, 2020)
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
Attacker Value
Moderate

CVE-2017-5715

Disclosure Date: January 04, 2018 (last updated April 15, 2021)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Attacker Value
Moderate

CVE-2021-38699

Disclosure Date: August 15, 2021 (last updated August 24, 2021)
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.
Attacker Value
Unknown

CVE-2010-0742

Disclosure Date: June 03, 2010 (last updated June 05, 2020)
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
1
Attacker Value
Very High

CVE-2021-27065

Disclosure Date: March 03, 2021 (last updated July 27, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.