Show filters
468 topics marked with the following tags:
Displaying 31-40 of 468
Sort by:
Attacker Value
Very High
CVE-2017-15889
Disclosure Date: December 04, 2017 (last updated October 05, 2023)
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
0
Attacker Value
Very High
CVE-2020-10644
Disclosure Date: June 09, 2020 (last updated October 06, 2023)
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
1
Attacker Value
Very High
CVE-2020-3280 Cisco Unified CCX Preauth RCE
Disclosure Date: May 20, 2020 (last updated July 24, 2020)
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.
1
Attacker Value
High
CVE-2021-27077
Disclosure Date: March 11, 2021 (last updated December 30, 2023)
Windows Win32k Elevation of Privilege Vulnerability
1
Attacker Value
Very High
Exim Unauthenticated Remote Code Execution via SNI Trailing Backslash
Disclosure Date: September 06, 2019 (last updated March 03, 2020)
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. If the Exim server accepts TLS connections, the vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake.
3
Attacker Value
High
CVE-2020-10924
Disclosure Date: July 28, 2020 (last updated October 07, 2023)
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.
1
Attacker Value
Low
CVE-2021-38759
Disclosure Date: December 07, 2021 (last updated October 07, 2023)
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
1
Attacker Value
Very High
CVE-2020-10548
Disclosure Date: June 04, 2020 (last updated October 06, 2023)
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
0
Attacker Value
Moderate
CVE-2019-10692
Disclosure Date: April 02, 2019 (last updated October 06, 2023)
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.
0
Attacker Value
Very High
CVE-2016-1561
Disclosure Date: April 21, 2017 (last updated October 05, 2023)
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
0
