Show filters
223 topics marked with the following tags:
Displaying 1-10 of 223
Sort by:
Attacker Value
High

CVE-2020-35846

Disclosure Date: December 30, 2020 (last updated January 01, 2021)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Attacker Value
Moderate

CVE-2020-8091

Disclosure Date: January 27, 2020 (last updated June 05, 2020)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Attacker Value
Moderate

CVE-2018-13382

Disclosure Date: June 04, 2019 (last updated June 03, 2021)
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests
Attacker Value
Very High

CVE-2020-15506

Disclosure Date: July 07, 2020 (last updated September 18, 2020)
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
Attacker Value
High

CVE-2021-26295

Disclosure Date: March 22, 2021 (last updated March 26, 2021)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Attacker Value
Low

CVE-2019-19908

Disclosure Date: June 19, 2019 (last updated June 05, 2020)
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
Attacker Value
High

CVE-2018-11776

Disclosure Date: August 22, 2018 (last updated July 30, 2020)
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
Attacker Value
Moderate

CVE-2021-21224

Disclosure Date: April 26, 2021 (last updated April 28, 2021)
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Attacker Value
Moderate

CVE-2020-2040

Disclosure Date: September 09, 2020 (last updated September 16, 2020)
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
Attacker Value
Moderate

CVE-2020-15900

Disclosure Date: July 28, 2020 (last updated August 30, 2020)
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.