EPSS CVE Percentile Date
0.975590000 CVE-2019-16057 1.000000000 2024-12-23
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. Reference: https://blog.cystack.net/d-link-dns-320-rce/
0.975580000 CVE-2020-5902 1.000000000 2024-12-23
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. Reference: http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html
0.975450000 CVE-2019-16662 0.999990000 2024-12-23
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. Reference: http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html
0.975430000 CVE-2020-25223 0.999990000 2024-12-23
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. Reference: http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html
0.975420000 CVE-2017-5753 0.999980000 2024-12-23
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Reference: http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
0.975420000 CVE-1999-0532 0.999990000 2024-12-23
A DNS server allows zone transfers. Reference: https://www.cve.org/CVERecord?id=CVE-1999-0532
0.975390000 CVE-2014-0224 0.999980000 2024-12-23
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. Reference: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
0.975320000 CVE-2022-24706 0.999970000 2024-12-23
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. Reference: http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
0.975310000 CVE-2015-1635 0.999970000 2024-12-23
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." Reference: http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html
0.975290000 CVE-2020-15505 0.999970000 2024-12-23
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. Reference: http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html