Show filters

Showing topics marked with the following tags:

(1-10 of 169)

Sort by:
Attacker Value
Very High

CVE-2019-18393

Disclosure Date: October 24, 2019 (last updated August 28, 2020)
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Attacker Value
High

CVE-2020-10535

Disclosure Date: March 12, 2020 (last updated June 05, 2020)
GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.
Attacker Value
Very High

CVE-2020-6364 — OS Command Injection Vulnerability in CA Introscope Enterprise …

Disclosure Date: October 15, 2020 (last updated October 20, 2020)
OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run) Product - SAP Solution Manager (CA Introscope Enterprise Manager) and SAP Focused Run (CA Introscope Enterprise Manager), Versions - WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7
Attacker Value
High

CVE-2020-5135

Disclosure Date: October 12, 2020 (last updated October 28, 2020)
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
Attacker Value
Very High

CVE-2019-0230

Disclosure Date: September 14, 2020 (last updated September 19, 2020)
Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to certain tags attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE). The problem only applies when forcing OGNL evaluation inside a Struts tag attribute, when the expression to evaluate references raw, unvalidated input that an attacker is able to directly modify by crafting a corresponding request.
Attacker Value
Very High

CVE-2020-4521

Disclosure Date: September 14, 2020 (last updated September 16, 2020)
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396.
Attacker Value
Very High

CVE-2020-10977

Disclosure Date: April 08, 2020 (last updated June 05, 2020)
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
Attacker Value
Moderate

CVE-2019-1436

Disclosure Date: November 12, 2019 (last updated July 24, 2020)
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440.
Attacker Value
Very High

CVE-2020-8195

Disclosure Date: July 10, 2020 (last updated July 24, 2020)
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Attacker Value
Very High

CVE-2020-16875

Disclosure Date: September 11, 2020 (last updated September 18, 2020)
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'.