Show filters

Showing topics marked with the following tags:

(1-10 of 128)

Sort by:
Attacker Value
Moderate

CVE-2020-12812

Disclosure Date: July 24, 2020 (last updated July 29, 2020)
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
Attack Vector: Network
1
Attacker Value
Moderate

CVE-2019-1436

Disclosure Date: November 12, 2019 (last updated July 24, 2020)
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440.
Attack Vector: Local
0
Attacker Value
Very Low

CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerabili…

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka 'Windows Diagnostics & feedback Information Disclosure Vulnerability'.
Attack Vector: Local
0
Attacker Value
High

CVE-2020-10535

Disclosure Date: March 12, 2020 (last updated June 05, 2020)
GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.
Attack Vector: Network
2
Attacker Value
Very High

CVE-2019-18393

Disclosure Date: October 24, 2019 (last updated June 05, 2020)
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Attack Vector: Network
3
Attacker Value
Very High

CVE-2020-10977

Disclosure Date: April 08, 2020 (last updated June 05, 2020)
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
Attack Vector: Local
1
Attacker Value
Moderate

CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.
Attack Vector: Network
1
Attacker Value
High

CVE-2014-0160 (AKA: Heartbleed)

Disclosure Date: April 07, 2014 (last updated July 30, 2020)
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Attack Vector: Network
0
Attacker Value
Very High

CVE-2019-19781

Disclosure Date: November 05, 2019 (last updated July 30, 2020)
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Attack Vector: Network
2
Attacker Value
Moderate

CVE-2020-1292 OpenSSH for Windows Elevation of Privilege Vulnerability

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'.
Attack Vector: Local
1