Show filters
55,070 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very High
CVE-2021-1675
Disclosure Date: June 08, 2021 (last updated July 30, 2024)
Windows Print Spooler Remote Code Execution Vulnerability
23
Attacker Value
Very High
CVE-2020-0601, aka NSACrypt
Disclosure Date: January 14, 2020 (last updated October 06, 2023)
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
4
Attacker Value
Moderate
CVE-2021-40444
Disclosure Date: September 15, 2021 (last updated July 30, 2024)
<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p>
<p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or …
11
Attacker Value
High
CVE-2022-30190
Disclosure Date: June 01, 2022 (last updated June 29, 2024)
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
11
Attacker Value
Very High
DejaBlue, RDP Heap Overflow
Disclosure Date: August 14, 2019 (last updated January 19, 2024)
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.
An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.
The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.
3
Attacker Value
Very High
CVE-2020-15999 Chrome Freetype 0day
Disclosure Date: November 03, 2020 (last updated November 08, 2023)
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8
Attacker Value
Very High
CVE-2021-26857
Disclosure Date: March 03, 2021 (last updated July 26, 2024)
Microsoft Exchange Server Remote Code Execution Vulnerability
5
Attacker Value
Very High
CVE-2021-24085
Disclosure Date: February 25, 2021 (last updated December 30, 2023)
Microsoft Exchange Server Spoofing Vulnerability
7
Attacker Value
Moderate
CVE-2021-21300
Disclosure Date: March 09, 2021 (last updated November 08, 2023)
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2.…
5
Attacker Value
High
CVE-2020-1147
Disclosure Date: July 14, 2020 (last updated October 07, 2023)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
5