Attacker Value
Very High

CVE-2020-1472 aka Zerologon

Disclosure Date: August 17, 2020 (last updated November 18, 2020)
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
Attacker Value
High

CVE-2020-16898 aka Bad Neighbor / Ping of Death Redux

Disclosure Date: October 16, 2020 (last updated October 28, 2020)
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka 'Windows TCP/IP Remote Code Execution Vulnerability'.
Attacker Value
Very High

CVE-2020-5902 — TMUI RCE vulnerability

Disclosure Date: July 01, 2020 (last updated December 21, 2020)
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Attacker Value
Very High

Windows Remote Desktop (RDP) Use-after-free vulnerability, "Bluekeep"

Disclosure Date: May 16, 2019 (last updated September 02, 2020)
A bug in Windows Remote Desktop protocol allows unauthenticated users to run arbitrary code via a specially crafted request to the service. This affects Windows 7/Windows Server 2008 and earlier releases. Given the ubiquity of RDP in corporate environments and the trusted nature of RDP, this could pose serious concerns for ransomware attacks much like WannaCry. Patches are released for Windows 7/2008 Operating systems as well as Windows XP.
Attacker Value
Very High

CVE-2020-10148 SolarWinds Orion API authentication bypass and RCE

Disclosure Date: December 29, 2020 (last updated January 04, 2021)
The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands. This API is a central part of the Orion platform with highly privileged access to all Orion platform components. API authentication can be bypassed by including specific parameters in the `Request.PathInfo` portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a `PathInfo` parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the `SkipAuthorization` flag, which may allow the API request to be processed without requiring authentication. Patches are available and as of 2020-12-24 organizations should be on one of the following versions to mitigate this weakness:
- 2019.4 HF 6 (released December 14, 2020)
- 2020.2.1 HF 2 (released December 15, 2020)
- 2019.2 SUPERNOVA Patch (released December 23,…
Attacker Value
Very High

CVE-2020-1350 Windows DNS Server Remote Code Execution (SigRed)

Disclosure Date: July 14, 2020 (last updated December 28, 2020)
A remote code execution vulnerability codenamed "SigRed" exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
Attacker Value
Very High

CVE-2020-3952 - VMware vCenter Server vmdir Information Disclosure

Disclosure Date: April 10, 2020 (last updated August 28, 2020)
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Attacker Value
Very High

CVE-2020-0601, aka NSACrypt

Disclosure Date: January 14, 2020 (last updated July 24, 2020)
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Attacker Value
Very High

K03009991: iControl REST unauthenticated remote command execution vulnerability…

Disclosure Date: March 31, 2021 (last updated April 06, 2021)
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Attacker Value
Very High

CVE-2020-11651

Disclosure Date: April 30, 2020 (last updated August 28, 2020)
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.