(1-10 of 163)

Attacker Value
High

CVE-2017-5689

Disclosure Date: May 02, 2017 (last updated July 30, 2020)
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Attack Vector: Network
Attacker Value
Very High

CVE-2020-9463

Disclosure Date: February 28, 2020 (last updated June 05, 2020)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Attack Vector: Network
Attacker Value
Very High

CVE-2020-10189

Disclosure Date: March 06, 2020 (last updated July 30, 2020)
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Attack Vector: Network
Attacker Value
Very High

CVE-2020-7961

Disclosure Date: March 20, 2020 (last updated July 30, 2020)
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
Attack Vector: Network
Attacker Value
Moderate

CVE-2018-8174

Disclosure Date: May 09, 2018 (last updated July 24, 2020)
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Attack Vector: Network
Attacker Value
Low

CVE-2020-9442

Disclosure Date: February 28, 2020 (last updated June 05, 2020)
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
Attack Vector: Local
Attacker Value
Very Low

CVE-2020-14933

Disclosure Date: June 20, 2020 (last updated June 27, 2020)
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.
Attack Vector: Network
Attacker Value
Low

CVE-2020-9269

Disclosure Date: February 18, 2020 (last updated June 05, 2020)
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
Attack Vector: Network
Attacker Value
High

CVE-2020-1985

Disclosure Date: April 08, 2020 (last updated July 24, 2020)
Incorrect Default Permissions on the C:\Programdata\Secdo\Logs folder in Secdo allow local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions of Secdo for Windows.
Attack Vector: Local
Attacker Value
High

CVE-2020-3153

Disclosure Date: February 20, 2020 (last updated July 30, 2020)
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Attack Vector: Local