Topics

Sort by:
Attacker Value
Very High

CVE-2020-5902 — TMUI RCE vulnerability

Disclosure Date: July 01, 2020 (last updated December 21, 2020)
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Attacker Value
Unknown

CVE-2021-31474

Disclosure Date: May 21, 2021 (last updated May 27, 2021)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
Attacker Value
High

CVE-2021-31181

Disclosure Date: May 11, 2021 (last updated May 18, 2021)
Microsoft SharePoint Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2021-21985

Disclosure Date: May 26, 2021 (last updated June 04, 2021)
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Attacker Value
Unknown

CVE-2021-31199

Disclosure Date: June 08, 2021 (last updated June 09, 2021)
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31201.
1
Attacker Value
Unknown

CVE-2021-31201

Disclosure Date: June 08, 2021 (last updated June 11, 2021)
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31199.
Attacker Value
Very High

Insecure RDP

Last updated October 09, 2020
There are active attack campaigns as of October 2020 targeting RDP servers without multi-factor authentication enabled.
7
Attacker Value
Very High

CVE-2021-21975

Disclosure Date: March 31, 2021 (last updated June 05, 2021)
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
Attacker Value
High

CVE-2021-28550

Last updated March 16, 2021
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
1
Attacker Value
High

CVE-2021-28482

Disclosure Date: April 13, 2021 (last updated April 15, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483.