Show filters
22,490 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very High

CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug

Disclosure Date: February 11, 2020 (last updated July 26, 2021)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Attacker Value
Very High

CVE-2021-3156 "Baron Samedit"

Disclosure Date: January 26, 2021 (last updated March 16, 2021)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Attacker Value
High

CVE-2020-17087 Windows Kernel local privilege escalation 0day

Disclosure Date: November 11, 2020 (last updated November 17, 2020)
CVE-2020-17087 is a pool-based buffer overflow vulnerability in the Windows Kernel Cryptography Driver (cng.sys). The vulnerability arises from input/output controller (IOCTL) 0x390400 processing and could allow a local attacker to escalate privileges, including for sandbox escape. The vulnerability was initially released as a zero-day by Google's Project Zero team; it was patched on November 10, 2020, as part of Microsoft's November 2020 Patch Tuesday release.
Attacker Value
Very High

CVE-2021-34527 "PrintNightmare"

Disclosure Date: July 02, 2021 (last updated July 14, 2021)
Windows Print Spooler Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2021-24085

Disclosure Date: February 25, 2021 (last updated March 05, 2021)
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-1730.
Attacker Value
Low

CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Disclosure Date: January 12, 2021 (last updated January 16, 2021)
CVE-2021-1647 is a zero-day remote code execution vulnerability in the Malware Protection Engine component (mpengine.dll) of Microsoft's Defender anti-virus product. It was published as part of the January 2021 Patch Tuesday release, along with a disclosure from Microsoft acknowledging that the vulnerability had been exploited in the wild. More information: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
Attacker Value
Low

CVE-2019-14287

Disclosure Date: October 17, 2019 (last updated June 05, 2020)
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Attacker Value
Very High

CVE-2020-1337

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
Attacker Value
High

CVE-2021-1732

Disclosure Date: February 25, 2021 (last updated March 04, 2021)
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.
Attacker Value
Low

CVE-2020-0986

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.