Show filters

Showing topic results for "":

(1-10 of 19908)

Maximum of 10,000 topics displayable. Please refine your search.
Sort by:
Attacker Value
Very High

CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug

Disclosure Date: February 11, 2020 (last updated September 18, 2020)
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Attacker Value
Very High

CVE-2021-3156 "Baron Samedit"

Disclosure Date: January 26, 2021 (last updated February 05, 2021)
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Attacker Value
High

CVE-2020-17087 Windows Kernel local privilege escalation 0day

Disclosure Date: November 11, 2020 (last updated November 17, 2020)
CVE-2020-17087 is a pool-based buffer overflow vulnerability in the Windows Kernel Cryptography Driver (cng.sys). The vulnerability arises from input/output controller (IOCTL) 0x390400 processing and could allow a local attacker to escalate privileges, including for sandbox escape. The vulnerability was initially released as a zero-day by Google's Project Zero team; it was patched on November 10, 2020, as part of Microsoft's November 2020 Patch Tuesday release.
Attacker Value
Low

CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Disclosure Date: January 12, 2021 (last updated January 16, 2021)
CVE-2021-1647 is a zero-day remote code execution vulnerability in the Malware Protection Engine component (mpengine.dll) of Microsoft's Defender anti-virus product. It was published as part of the January 2021 Patch Tuesday release, along with a disclosure from Microsoft acknowledging that the vulnerability had been exploited in the wild. More information: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1647
Attacker Value
Low

CVE-2019-14287

Disclosure Date: October 17, 2019 (last updated June 05, 2020)
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Attacker Value
Very High

CVE-2020-1337

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
Attacker Value
Low

CVE-2020-0986

Disclosure Date: June 09, 2020 (last updated July 24, 2020)
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
Attacker Value
High

CVE-2021-1732

Disclosure Date: February 25, 2021 (last updated March 04, 2021)
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.
Attacker Value
High

CVE-2020-1048: Windows Print Spooler Elevation of Privilege Vulnerability

Disclosure Date: May 21, 2020 (last updated September 18, 2020)
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Attacker Value
High

CVE-2020-3956: VMware Cloud Director Code Injection Vulnerability

Disclosure Date: May 20, 2020 (last updated July 24, 2020)
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.