Topics

Sort by:
Attacker Value
High

CVE-2021-33909

Disclosure Date: July 20, 2021 (last updated July 21, 2021)
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
3
Attacker Value
Very High

CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug

Disclosure Date: February 11, 2020 (last updated July 26, 2021)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Attacker Value
Very High

CVE-2019-0604

Disclosure Date: March 05, 2019 (last updated July 26, 2021)
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
Attacker Value
Very High

CVE-2018-4878

Disclosure Date: February 06, 2018 (last updated July 26, 2021)
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
Attacker Value
Very High

CVE-2017-8759

Disclosure Date: September 13, 2017 (last updated July 26, 2021)
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Attacker Value
Very High

CVE-2015-1641

Disclosure Date: April 14, 2015 (last updated July 26, 2021)
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
0
Attacker Value
Unknown

CVE-2014-6324 - Microsoft Kerberos Checksum Validation Vulnerability

Disclosure Date: November 18, 2014 (last updated July 26, 2021)
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
1
Attacker Value
High

CVE-2021-3438

Disclosure Date: May 20, 2021 (last updated June 09, 2021)
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
Attacker Value
Very High

CVE-2021-35211

Disclosure Date: July 13, 2021 (last updated July 14, 2021)
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
2
Attacker Value
Very High

CVE-2021-36934 Windows Elevation of Privilege

Disclosure Date: July 22, 2021 (last updated July 23, 2021)
Windows Elevation of Privilege Vulnerability
4