Show filters
3,380 Total Results
Displaying 1-10 of 3,380
Sort by:
Attacker Value
High
CVE-2020-16898 aka Bad Neighbor / Ping of Death Redux
Disclosure Date: October 16, 2020 (last updated January 01, 2024)
<p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.</p>
<p>To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.</p>
<p>The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.</p>
29
Attacker Value
Moderate
CVE-2023-36745
Disclosure Date: September 12, 2023 (last updated December 14, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
3
Attacker Value
Unknown
CVE-2020-24587
Disclosure Date: May 11, 2021 (last updated October 07, 2023)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
3
Attacker Value
Unknown
CVE-2024-30078
Disclosure Date: June 11, 2024 (last updated June 22, 2024)
Windows Wi-Fi Driver Remote Code Execution Vulnerability
3
Attacker Value
High
CVE-2023-41724
Disclosure Date: March 31, 2024 (last updated April 02, 2024)
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
2
Attacker Value
Low
CVE-2024-21306
Disclosure Date: January 09, 2024 (last updated January 13, 2024)
Microsoft Bluetooth Driver Spoofing Vulnerability
2
Attacker Value
Very High
CVE-2022-41082
Disclosure Date: October 03, 2022 (last updated December 21, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
2
Attacker Value
Moderate
CVE-2022-21969
Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
2
Attacker Value
High
CVE-2020-3118 (AKA: CDPwn)
Disclosure Date: February 05, 2020 (last updated October 06, 2023)
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
1
Attacker Value
Very High
CVE-2024-29824
Disclosure Date: May 31, 2024 (last updated October 04, 2024)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
2