Page 271 of 45564 results (0.068 seconds)

CVSS: 6.8EPSS: 1%CPEs: -EXPL: 3

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. • https://github.com/mahmutaymahmutay/CVE-2024-37085 https://github.com/Florian-Hoth/CVE-2024-37085-RCE-POC https://github.com/WTN-arny/CVE-2024-37085 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505 • CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. • https://download.avaya.com/css/public/documents/101090768 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-125: Out-of-bounds Read •