Show filters
54 Total Results
Displaying 21-30 of 54
Sort by:
Attacker Value
Very High
Windows Remote Desktop Gateway RCE (CVE-2020-0609)
Last updated February 24, 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.
The update addresses the vulnerability by correcting how RD Gateway handles connection requests.
(Description copy-pasted entirely from Microsoft's CVE description)
1
Attacker Value
Very High
CVE-2021-26855
Disclosure Date: March 03, 2021 (last updated December 30, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
3
Attacker Value
High
Liferay CE 6.0.2 Java Deserialization
Last updated March 02, 2020
Liferay CE 6.0.2 remote code execution via unsafe deserialization
0
Attacker Value
Very High
CVE-2020-9496
Disclosure Date: July 15, 2020 (last updated November 08, 2023)
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
0
Attacker Value
Moderate
CVE-2023-37679
Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
2
Attacker Value
High
Zimbra Collaboration Suite ProxyServlet SSRF
Disclosure Date: April 30, 2019 (last updated October 06, 2023)
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
0
Attacker Value
High
CVE-2020-10915 Preauth RCE in VEEAM One Agent
Disclosure Date: April 22, 2020 (last updated July 30, 2020)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.
0
Attacker Value
Very High
CVE-2021-20020
Disclosure Date: April 10, 2021 (last updated October 07, 2023)
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
1
Attacker Value
Low
CVE-2024-28741
Disclosure Date: April 06, 2024 (last updated April 10, 2024)
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
1
Attacker Value
Unknown
CVE-2024-27018
Disclosure Date: May 01, 2024 (last updated May 01, 2024)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: br_netfilter: skip conntrack input hook for promisc packets
For historical reasons, when bridge device is in promisc mode, packets
that are directed to the taps follow bridge input hook path. This patch
adds a workaround to reset conntrack for these packets.
Jianbo Liu reports warning splats in their test infrastructure where
cloned packets reach the br_netfilter input hook to confirm the
conntrack object.
Scratch one bit from BR_INPUT_SKB_CB to annotate that this packet has
reached the input hook because it is passed up to the bridge device to
reach the taps.
[ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]
[ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_trans…
0