Show filters
343 topics marked with the following tags:
Displaying 1-10 of 343
Sort by:
Attacker Value
High

CVE-2020-35846

Disclosure Date: December 30, 2020 (last updated January 01, 2021)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Attacker Value
Very High

CVE-2022-29110

Last updated May 10, 2022
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29109.
2
Attacker Value
Very High

CVE-2020-8010 Nimbus protocol allows unauth read/write/execute

Disclosure Date: February 18, 2020 (last updated September 27, 2021)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Attacker Value
Very High

CVE-2020-3259

Disclosure Date: May 06, 2020 (last updated September 18, 2021)
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
Attacker Value
Moderate

CVE-2020-2040

Disclosure Date: September 09, 2020 (last updated September 16, 2020)
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
Attacker Value
Moderate

CVE-2020-15900

Disclosure Date: July 28, 2020 (last updated August 30, 2020)
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
Attacker Value
Low

CVE-2020-13160

Disclosure Date: June 09, 2020 (last updated July 30, 2020)
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
Attacker Value
High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated November 13, 2020)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Attacker Value
Low

CVE-2019-19908

Disclosure Date: June 19, 2019 (last updated June 05, 2020)
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
Attacker Value
High

CVE-2022-21874

Last updated February 08, 2022
Windows Security Center API Remote Code Execution Vulnerability.
1