Show filters
95,389 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very High

CVE-2020-1350 Windows DNS Server Remote Code Execution (SigRed)

Disclosure Date: July 14, 2020 (last updated December 28, 2020)
A remote code execution vulnerability codenamed "SigRed" exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
Attacker Value
Very High

CVE-2020-3952 - VMware vCenter Server vmdir Information Disclosure

Disclosure Date: April 10, 2020 (last updated October 06, 2023)
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Attacker Value
Very High

CVE-2021-21985

Disclosure Date: May 26, 2021 (last updated June 29, 2021)
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Attacker Value
Very High

CVE-2020-0601, aka NSACrypt

Disclosure Date: January 14, 2020 (last updated October 06, 2023)
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Attacker Value
Very High

CVE-2023-34362

Disclosure Date: June 02, 2023 (last updated June 28, 2024)
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
Attacker Value
Very High

CVE-2023-23397

Disclosure Date: March 14, 2023 (last updated August 15, 2024)
Microsoft Outlook Elevation of Privilege Vulnerability
Attacker Value
Moderate

CVE-2021-40444

Disclosure Date: September 15, 2021 (last updated July 30, 2024)
<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or …
Attacker Value
High

CVE-2023-46604

Disclosure Date: October 27, 2023 (last updated June 28, 2024)
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Attacker Value
Very High

CVE-2023-22515

Disclosure Date: October 04, 2023 (last updated February 17, 2024)
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
Attacker Value
Very High

K03009991: iControl REST unauthenticated remote command execution vulnerability…

Disclosure Date: March 31, 2021 (last updated April 06, 2021)
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.