Show filters
1,272 Total Results
Displaying 1-10 of 1,272
Sort by:
Attacker Value
Very Low

Unknown iOS Mail.App RCE ZecOps

Last updated May 13, 2020
To quote the Reuters report: "To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details." So, it sounds like a font or other kind of render thing in Mail.App. No clicks required other than opening the email.
3
Attacker Value
High

CVE-2022-30190

Disclosure Date: June 01, 2022 (last updated December 20, 2023)
<p>A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.</p> <p>Please see the <a href="https://aka.ms/CVE-2022-30190-Guidance">MSRC Blog Entry</a> for important information about steps you can take to protect your system from this vulnerability.</p>
Attacker Value
Very High

CVE-2021-24085

Disclosure Date: February 25, 2021 (last updated December 30, 2023)
Microsoft Exchange Server Spoofing Vulnerability
Attacker Value
Unknown

CVE-2021-21017

Disclosure Date: February 09, 2021 (last updated October 07, 2023)
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Attacker Value
High

CVE-2020-3495

Disclosure Date: September 04, 2020 (last updated November 08, 2023)
A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.
Attacker Value
Unknown

CVE-2021-33742

Disclosure Date: June 08, 2021 (last updated December 30, 2023)
Windows MSHTML Platform Remote Code Execution Vulnerability
Attacker Value
High

CVE-2021-28550

Disclosure Date: May 11, 2021 (last updated November 08, 2023)
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Attacker Value
Very High

CVE-2021-1585

Disclosure Date: July 07, 2021 (last updated December 16, 2023)
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM.
Attacker Value
Moderate

CVE-2020-3580

Disclosure Date: October 21, 2020 (last updated November 08, 2023)
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
Attacker Value
Very High

CVE-2020-8899 Samsung Quarm RCE via MMS

Disclosure Date: May 06, 2020 (last updated July 24, 2020)
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.