Show filters
3,391 Total Results
Displaying 1-10 of 3,391
Sort by:
Attacker Value
High

CVE-2020-16898 aka Bad Neighbor / Ping of Death Redux

Disclosure Date: October 16, 2020 (last updated January 01, 2024)
<p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.</p> <p>To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.</p> <p>The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.</p>
Attacker Value
Moderate

CVE-2023-36745

Disclosure Date: September 12, 2023 (last updated December 14, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Unknown

CVE-2020-24587

Disclosure Date: May 11, 2021 (last updated October 07, 2023)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
Attacker Value
Unknown

CVE-2024-30078

Disclosure Date: June 11, 2024 (last updated June 22, 2024)
Windows Wi-Fi Driver Remote Code Execution Vulnerability
Attacker Value
High

CVE-2023-41724

Disclosure Date: March 31, 2024 (last updated April 02, 2024)
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Attacker Value
Low

CVE-2024-21306

Disclosure Date: January 09, 2024 (last updated January 13, 2024)
Microsoft Bluetooth Driver Spoofing Vulnerability
Attacker Value
Very High

CVE-2022-41082

Disclosure Date: October 03, 2022 (last updated December 21, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Moderate

CVE-2022-21969

Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
High

CVE-2020-3118 (AKA: CDPwn)

Disclosure Date: February 05, 2020 (last updated October 06, 2023)
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Attacker Value
Very High

CVE-2024-29824

Disclosure Date: May 31, 2024 (last updated October 04, 2024)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.