Show filters
12,547 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Moderate

CVE-2020-10713 - BootHole

Disclosure Date: July 30, 2020 (last updated October 07, 2023)
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Attacker Value
Very High

CVE-2024-21887

Disclosure Date: January 12, 2024 (last updated January 13, 2024)
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Attacker Value
High

CVE-2020-4006

Disclosure Date: November 23, 2020 (last updated December 28, 2020)
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Following speculation that CVE-2020-4006 might be related to the SolarWinds supply chain hack that led to the compromise of U.S. government agencies and global organizations, [VMware said on December 22, 2020](https://blogs.vmware.com/partnernews/2020/12/statement-on-solarwinds-supply-chain-compromise-and-workspace-one.html) that they have no indication they have any involvement on the nation-state attack on SolarWinds.
Attacker Value
Unknown

CVE-2020-17049

Disclosure Date: November 11, 2020 (last updated January 01, 2024)
<p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p>
Attacker Value
High

CVE-2019-11539

Disclosure Date: April 26, 2019 (last updated February 28, 2024)
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
Attacker Value
Very High

CVE-2022-27925

Disclosure Date: April 21, 2022 (last updated October 07, 2023)
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Attacker Value
Very High

CVE-2020-16875

Disclosure Date: September 11, 2020 (last updated January 01, 2024)
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
Attacker Value
Unknown

CVE-2023-20867

Disclosure Date: June 13, 2023 (last updated October 08, 2023)
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
Attacker Value
High

CVE-2022-22957

Disclosure Date: April 13, 2022 (last updated October 07, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
Attacker Value
Very High

CVE-2021-40578

Disclosure Date: December 07, 2021 (last updated October 07, 2023)
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.