Topics

Sort by:
Attacker Value
Moderate

CVE-2020-14295

Disclosure Date: June 17, 2020 (last updated July 28, 2020)
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Attacker Value
Unknown

CVE-2020-35847

Disclosure Date: December 30, 2020 (last updated January 01, 2021)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
Attacker Value
High

CVE-2020-35846

Disclosure Date: December 30, 2020 (last updated January 01, 2021)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Attacker Value
High

CVE-2020-0796 - SMBGhost

Disclosure Date: March 12, 2020 (last updated September 02, 2020)
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
Attacker Value
Very High

CVE-2020-10189

Disclosure Date: March 06, 2020 (last updated July 30, 2020)
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Attacker Value
Moderate

CVE-2021-29449

Disclosure Date: April 14, 2021 (last updated April 23, 2021)
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.
Attacker Value
Moderate

CVE-2021-1497

Disclosure Date: May 05, 2021 (last updated May 15, 2021)
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attacker Value
High

CVE-2020-4006

Disclosure Date: November 23, 2020 (last updated December 28, 2020)
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Following speculation that CVE-2020-4006 might be related to the SolarWinds supply chain hack that led to the compromise of U.S. government agencies and global organizations, [VMware said on December 22, 2020](https://blogs.vmware.com/partnernews/2020/12/statement-on-solarwinds-supply-chain-compromise-and-workspace-one.html) that they have no indication they have any involvement on the nation-state attack on SolarWinds.
Attacker Value
Unknown

CVE-2010-0742

Disclosure Date: June 03, 2010 (last updated June 05, 2020)
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
1
Attacker Value
High

CVE-2020-1147

Disclosure Date: July 14, 2020 (last updated August 28, 2020)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.