68,450 Total Results
Displaying 1-10 of 10,000
Attacker Value
Very High
CVE-2020-1472 aka Zerologon
Disclosure Date: August 17, 2020 (last updated November 18, 2020)
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
42
Attacker Value
Very High
CVE-2020-5902 — TMUI RCE vulnerability
Disclosure Date: July 01, 2020 (last updated December 21, 2020)
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
16
Attacker Value
Very High
CVE-2020-3952 - VMware vCenter Server vmdir Information Disclosure
Disclosure Date: April 10, 2020 (last updated October 06, 2023)
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
7
Attacker Value
Very High
CVE-2023-23397
Disclosure Date: March 14, 2023 (last updated October 08, 2023)
Microsoft Outlook Elevation of Privilege Vulnerability
14
Attacker Value
Very High
CVE-2021-3156 "Baron Samedit"
Disclosure Date: January 26, 2021 (last updated November 08, 2023)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
12
Attacker Value
High
CVE-2020-17087 Windows Kernel local privilege escalation 0day
Disclosure Date: November 11, 2020 (last updated October 07, 2023)
Windows Kernel Local Elevation of Privilege Vulnerability
12
Attacker Value
Very High
CVE-2020-11651
Disclosure Date: April 30, 2020 (last updated October 06, 2023)
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
5
Attacker Value
Low
CVE-2022-1040
Disclosure Date: March 25, 2022 (last updated October 07, 2023)
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
9
Attacker Value
Very High
CVE-2021-41773
Disclosure Date: October 05, 2021 (last updated November 08, 2023)
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete; see CVE-2021-42013.
11
Attacker Value
Very High
CVE-2023-21716
Disclosure Date: February 14, 2023 (last updated October 08, 2023)
Microsoft Word Remote Code Execution Vulnerability
8