Show filters
Showing topic results for "":
(1-10 of 27071)
Maximum of 10,000 topics displayable. Please refine your search.
Sort by:
Attacker Value
Very High
CVE-2020-0601, aka NSACrypt
Disclosure Date: January 14, 2020 (last updated July 24, 2020)
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
3
Attacker Value
Very High
CVE-2020-15999 Chrome Freetype 0day
Disclosure Date: November 03, 2020 (last updated November 05, 2020)
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
7
Attacker Value
Very High
CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities
Disclosure Date: October 16, 2020 (last updated October 22, 2020)
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.
6
Attacker Value
Very High
CVE-2020-6418
Disclosure Date: February 27, 2020 (last updated July 30, 2020)
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2
Attacker Value
Very High
CVE-2021-24085
Disclosure Date: February 25, 2021 (last updated March 05, 2021)
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730.
4
Attacker Value
High
CVE-2020-1147
Disclosure Date: July 14, 2020 (last updated August 28, 2020)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
3
Attacker Value
Moderate
CVE-2020-35687
Disclosure Date: January 13, 2021 (last updated January 16, 2021)
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
2
Attacker Value
Unknown
CVE-2020-16017
Disclosure Date: January 08, 2021 (last updated January 12, 2021)
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
3
Attacker Value
Moderate
CVE-2020-5948 — F5 TMUI XSS vulnerability
Disclosure Date: December 11, 2020 (last updated December 15, 2020)
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2.
Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
### Impact
An attacker may exploit this vulnerability using a crafted URL to a reflected cross-site scripting (XSS) in an undisclosed page of the Configuration utility.
3
Attacker Value
Very High
CVE-2020-9691
Disclosure Date: July 29, 2020 (last updated July 30, 2020)
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
3