Show filters
1,343 Total Results
Displaying 1-10 of 1,343
Sort by:
Attacker Value
Very High

CVE-2021-34527 "PrintNightmare"

Disclosure Date: July 02, 2021 (last updated November 28, 2024)
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.</p> <p>In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (<strong>Note</strong…
19
2
Attacker Value
Very High

CVE-2024-38063

Disclosure Date: August 13, 2024 (last updated September 10, 2024)
Windows TCP/IP Remote Code Execution Vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
9
2
Attacker Value
High

CVE-2024-30080

Disclosure Date: June 11, 2024 (last updated January 12, 2025)
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
5
2
Attacker Value
Very High

CVE-2023-21752

Disclosure Date: January 10, 2023 (last updated January 11, 2025)
Windows Backup Service Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
5
1
Attacker Value
Very High

CVE-2023-36884

Disclosure Date: July 11, 2023 (last updated January 24, 2025)
Windows Search Remote Code Execution Vulnerability
6
1
Attacker Value
Moderate

CVE-2023-38146

Disclosure Date: September 12, 2023 (last updated January 11, 2025)
Windows Themes Remote Code Execution Vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
3
1
Attacker Value
Very High

CVE-2023-28252

Disclosure Date: April 11, 2023 (last updated January 11, 2025)
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
4
1
Attacker Value
Unknown

CVE-2023-38545

Disclosure Date: October 18, 2023 (last updated April 02, 2024)
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
0
Attacker Value
High

CVE-2023-36874

Disclosure Date: July 11, 2023 (last updated January 24, 2025)
Windows Error Reporting Service Elevation of Privilege Vulnerability
4
1
Attacker Value
Unknown

CVE-2024-38134

Disclosure Date: August 13, 2024 (last updated August 16, 2024)
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
2
1
View More Topics  Next >