Show filters
4,015 Total Results
Displaying 11-20 of 4,015
Sort by:
Attacker Value
High

CVE-2021-4034

Disclosure Date: January 28, 2022 (last updated November 06, 2024)
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Attack Vector: LocalPrivileges: LowUser Interaction: None
6
3
Attacker Value
High

CVE-2022-22965

Disclosure Date: April 01, 2022 (last updated October 07, 2023)
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
7
1
Attacker Value
Very High

CVE-2020-1337

Disclosure Date: August 17, 2020 (last updated January 19, 2024)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
Attack Vector: LocalPrivileges: LowUser Interaction: None
6
2
Attacker Value
Low

CVE-2019-14287

Disclosure Date: October 17, 2019 (last updated November 08, 2023)
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
1
5
Attacker Value
High

CVE-2024-30080

Disclosure Date: June 11, 2024 (last updated January 12, 2025)
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
5
2
Attacker Value
Very High

CVE-2023-36884

Disclosure Date: July 11, 2023 (last updated January 24, 2025)
Windows Search Remote Code Execution Vulnerability
6
1
Attacker Value
High

CVE-2022-21907

Disclosure Date: January 11, 2022 (last updated November 28, 2024)
HTTP Protocol Stack Remote Code Execution Vulnerability
5
1
Attacker Value
High

CVE-2022-21882

Disclosure Date: January 11, 2022 (last updated November 16, 2024)
Win32k Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
5
2
Attacker Value
High

CVE-2021-36955

Disclosure Date: September 15, 2021 (last updated November 28, 2024)
Windows Common Log File System Driver Elevation of Privilege Vulnerability
5
2
Attacker Value
Unknown

CVE-2021-34484

Disclosure Date: August 12, 2021 (last updated November 28, 2024)
Windows User Profile Service Elevation of Privilege Vulnerability
5
2
View More Topics  < Previous  Next >