Show filters
6,697 Total Results
Displaying 11-20 of 6,697
Sort by:
Attacker Value
High
CVE-2022-30190
Disclosure Date: June 01, 2022 (last updated January 03, 2025)
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
12
Attacker Value
High
CVE-2020-0796 - SMBGhost
Disclosure Date: March 12, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
8
Attacker Value
High
CVE-2021-31166
Disclosure Date: May 11, 2021 (last updated February 22, 2025)
HTTP Protocol Stack Remote Code Execution Vulnerability
8
Attacker Value
Very High
CVE-2024-38063
Disclosure Date: August 13, 2024 (last updated September 10, 2024)
Windows TCP/IP Remote Code Execution Vulnerability
9
Attacker Value
Very High
CVE-2021-36934 Windows Elevation of Privilege
Disclosure Date: July 22, 2021 (last updated November 28, 2024)
<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p>
<p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>
8
Attacker Value
Low
CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability
Disclosure Date: January 12, 2021 (last updated December 29, 2023)
Microsoft Defender Remote Code Execution Vulnerability
7
Attacker Value
Very High
CVE-2020-1337
Disclosure Date: August 17, 2020 (last updated January 19, 2024)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.
The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
6
Attacker Value
High
CVE-2024-30080
Disclosure Date: June 11, 2024 (last updated January 12, 2025)
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
5
Attacker Value
Very High
CVE-2023-36884
Disclosure Date: July 11, 2023 (last updated January 24, 2025)
Windows Search Remote Code Execution Vulnerability
6
Attacker Value
High
CVE-2022-21907
Disclosure Date: January 11, 2022 (last updated November 28, 2024)
HTTP Protocol Stack Remote Code Execution Vulnerability
5
