Show filters
36,097 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
High

CVE-2021-41379

Disclosure Date: November 10, 2021 (last updated December 29, 2023)
Windows Installer Elevation of Privilege Vulnerability
Attacker Value
Very High

CVE-2021-3156 "Baron Samedit"

Disclosure Date: January 26, 2021 (last updated July 10, 2024)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Attacker Value
High

CVE-2020-17087 Windows Kernel local privilege escalation 0day

Disclosure Date: November 11, 2020 (last updated January 01, 2024)
Windows Kernel Local Elevation of Privilege Vulnerability
Attacker Value
High

CVE-2022-30190

Disclosure Date: June 01, 2022 (last updated June 29, 2024)
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
Attacker Value
Moderate

CVE-2020-10713 - BootHole

Disclosure Date: July 30, 2020 (last updated October 07, 2023)
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Attacker Value
Very High

CVE-2021-36934 Windows Elevation of Privilege

Disclosure Date: July 22, 2021 (last updated December 29, 2023)
<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>
Attacker Value
High

CVE-2021-4034

Disclosure Date: January 28, 2022 (last updated October 07, 2023)
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Attacker Value
High

CVE-2021-21551

Disclosure Date: May 04, 2021 (last updated July 10, 2024)
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
Attacker Value
Very High

CVE-2021-26857

Disclosure Date: March 03, 2021 (last updated December 30, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Low

CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Disclosure Date: January 12, 2021 (last updated December 29, 2023)
Microsoft Defender Remote Code Execution Vulnerability