Show filters
57,508 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very High

CVE-2020-3952 - VMware vCenter Server vmdir Information Disclosure

Disclosure Date: April 10, 2020 (last updated August 28, 2020)
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Attacker Value
Very High

CVE-2021-21985

Disclosure Date: May 26, 2021 (last updated June 29, 2021)
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Attacker Value
Very High

CVE-2021-3156 "Baron Samedit"

Disclosure Date: January 26, 2021 (last updated March 16, 2021)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Attacker Value
Very High

K03009991: iControl REST unauthenticated remote command execution vulnerability…

Disclosure Date: March 31, 2021 (last updated April 06, 2021)
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Attacker Value
High

CVE-2020-17087 Windows Kernel local privilege escalation 0day

Disclosure Date: November 11, 2020 (last updated November 17, 2020)
CVE-2020-17087 is a pool-based buffer overflow vulnerability in the Windows Kernel Cryptography Driver (cng.sys). The vulnerability arises from input/output controller (IOCTL) 0x390400 processing and could allow a local attacker to escalate privileges, including for sandbox escape. The vulnerability was initially released as a zero-day by Google's Project Zero team; it was patched on November 10, 2020, as part of Microsoft's November 2020 Patch Tuesday release.
Attacker Value
Very High

CVE-2020-11651

Disclosure Date: April 30, 2020 (last updated August 28, 2020)
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Attacker Value
Very High

VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-219…

Disclosure Date: February 24, 2021 (last updated April 05, 2021)
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Attacker Value
Very High

CVE-2020-14882 — Unauthenticated RCE in Console component of Oracle WebLogic Se…

Disclosure Date: October 21, 2020 (last updated December 28, 2020)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Attacker Value
High

CVE-2021-41773

Disclosure Date: October 05, 2021 (last updated October 15, 2021)
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Attacker Value
High

CVE-2021-31166

Disclosure Date: May 11, 2021 (last updated May 23, 2021)
HTTP Protocol Stack Remote Code Execution Vulnerability