Show filters
45,630 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Low
CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability
Disclosure Date: January 12, 2021 (last updated December 29, 2023)
Microsoft Defender Remote Code Execution Vulnerability
7
Attacker Value
Very High
CVE-2020-1337
Disclosure Date: August 17, 2020 (last updated January 19, 2024)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.
The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
6
Attacker Value
Low
CVE-2019-14287
Disclosure Date: October 17, 2019 (last updated November 08, 2023)
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
1
Attacker Value
Moderate
CVE-2017-5715
Disclosure Date: January 04, 2018 (last updated October 06, 2023)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
6
Attacker Value
Moderate
CVE-2023-22952
Disclosure Date: January 11, 2023 (last updated October 08, 2023)
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.
4
Attacker Value
High
CVE-2022-36804
Disclosure Date: August 24, 2022 (last updated June 29, 2024)
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
6
Attacker Value
High
CVE-2022-21882
Disclosure Date: January 11, 2022 (last updated July 25, 2024)
Win32k Elevation of Privilege Vulnerability
5
Attacker Value
Unknown
CVE-2021-34484
Disclosure Date: August 12, 2021 (last updated July 10, 2024)
Windows User Profile Service Elevation of Privilege Vulnerability
5
Attacker Value
High
CVE-2021-1732
Disclosure Date: February 25, 2021 (last updated July 26, 2024)
Windows Win32k Elevation of Privilege Vulnerability
6
Attacker Value
Moderate
CVE-2021-1636
Disclosure Date: January 12, 2021 (last updated December 30, 2023)
Microsoft SQL Elevation of Privilege Vulnerability
6
