Show filters
Showing topics marked with the following tags:
(1-10 of 163)
Sort by:
Attacker Value
High
CVE-2017-5689
Disclosure Date: May 02, 2017 (last updated July 30, 2020)
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
0
Attacker Value
Very High
CVE-2020-9463
Disclosure Date: February 28, 2020 (last updated June 05, 2020)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
0
Attacker Value
Very High
CVE-2020-10189
Disclosure Date: March 06, 2020 (last updated July 30, 2020)
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
0
Attacker Value
Very High
CVE-2020-7961
Disclosure Date: March 20, 2020 (last updated July 30, 2020)
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
2
Attacker Value
Moderate
CVE-2018-8174
Disclosure Date: May 09, 2018 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
0
Attacker Value
Low
CVE-2020-9442
Disclosure Date: February 28, 2020 (last updated June 05, 2020)
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
0
Attacker Value
Very Low
CVE-2020-14933
Disclosure Date: June 20, 2020 (last updated June 27, 2020)
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.
0
Attacker Value
Low
CVE-2020-9269
Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
0
Attacker Value
High
CVE-2020-1985
Disclosure Date: April 08, 2020 (last updated July 24, 2020)
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.
0
Attacker Value
High
CVE-2020-3153
Disclosure Date: February 20, 2020 (last updated July 30, 2020)
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
2
