Lucene search
K
MscveMost viewed

21761 matches found

Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.41 views

Windows Imaging Component Information Disclosure Vulnerability

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker...

6.5CVSS7.4AI score0.0642EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.41 views

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation CNG Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker would...

7.8CVSS4AI score0.00762EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.41 views

Microsoft Graphics Components Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafte...

9.3CVSS3.9AI score0.14041EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.41 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...

5.5CVSS1.1AI score0.06119EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.41 views

Windows Subsystem for Linux Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim...

7.8CVSS3.8AI score0.00729EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/06/09 7:0 a.m.41 views

GDI+ Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...

9.3CVSS8.4AI score0.13732EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.41 views

.NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by...

7.8CVSS4.9AI score0.02309EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.41 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the...

8.8CVSS3.6AI score0.0861EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.41 views

Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. To exploit this vulnerability, an attacker would first hav...

7.1CVSS4.2AI score0.00737EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.41 views

Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have...

7.5CVSS2.2AI score0.02015EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.41 views

GDI+ Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...

9.3CVSS8.8AI score0.21983EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/02/11 8:0 a.m.41 views

Remote Desktop Client Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...

7.6CVSS2.3AI score0.1022EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.41 views

Microsoft Office Excel Security Feature Bypass

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in ...

7.8CVSS2.8AI score0.03264EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.41 views

HTTP/2 Server Denial of Service Vulnerability

A denial of service vulnerability exists in the HTTP/2 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. ...

7.8CVSS2.3AI score0.25448EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.41 views

Windows VBScript Engine Remote Code Execution Vulnerability

This information is being revised to indicate that this CVE CVE-2019-1183 is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required...

9.3CVSS2.5AI score0.04848EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.41 views

.NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us...

8.8CVSS3AI score0.09996EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.41 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.09788EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.41 views

Windows OLE Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a...

9.3CVSS4.3AI score0.14351EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.41 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

7.8CVSS2.9AI score0.04352EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2019/03/12 7:0 a.m.41 views

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, a...

6.5CVSS2.4AI score0.03854EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/03/12 7:0 a.m.41 views

Windows VBScript Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

7.6CVSS8.1AI score0.08261EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.41 views

Internet Explorer Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges the permissions of the curre...

7.6CVSS2.7AI score0.45762EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.41 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

7.8CVSS3.3AI score0.04161EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.41 views

Windows SMB Denial of Service Vulnerability

A denial of service vulnerability exists in the Microsoft Server Block Message SMB when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to se...

7.8CVSS1.8AI score0.08997EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.41 views

Azure IoT SDK Spoofing Vulnerability

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform. An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process. To exploit this vulnerability, an...

6.8CVSS1.2AI score0.02131EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/07/10 7:0 a.m.41 views

.NET Framework Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly...

10CVSS2AI score0.03246EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/06/12 7:0 a.m.41 views

Windows DNSAPI Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Windows Domain Name System DNS DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the...

9.3CVSS7.1AI score0.22257EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.41 views

DirectX Graphics Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to...

7.8CVSS2.4AI score0.01297EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.41 views

Windows Desktop Bridge VFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Desktop Bridge VFS does not take into acccount user/kernel mode when managing file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;...

7.8CVSS3.1AI score0.0348EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.41 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...

4.7CVSS4.9AI score0.02866EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.41 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS7.7AI score0.23877EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/10/10 7:0 a.m.41 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

4.7CVSS3.1AI score0.02091EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.41 views

NetBIOS Remote Code Execution Vulnerability

A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacte...

8.1CVSS4.6AI score0.11229EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.41 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS1.2AI score0.0175EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/08/08 7:0 a.m.41 views

Windows NetBIOS Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. A remote unauthenticated attacker could exploit this vulnerability by...

6.5CVSS3.2AI score0.0258EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/08/08 7:0 a.m.41 views

Microsoft Edge Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing script to run with elevated privileges. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the...

6.1CVSS2.1AI score0.02956EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.41 views

Microsoft PowerPoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.9AI score0.17127EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.41 views

Windows COM Session Elevation of Privilege Vulnerability

An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session. To exploit the...

7.3CVSS5.1AI score0.14265EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.41 views

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...

6.5CVSS1.3AI score0.14265EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/05/09 7:0 a.m.41 views

Microsoft Edge Elevation of Privilege Vulnerability

A vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. To...

5.4CVSS2.1AI score0.02869EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/05/09 7:0 a.m.41 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...

7.6CVSS7.7AI score0.16992EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/05/09 7:0 a.m.41 views

Windows COM Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. An attacker could use this vulnerability to elevate their privilege level. To exploit this vulnerability an attacker would first need to have access to the local system and...

7CVSS4.4AI score0.03457EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2017/05/09 7:0 a.m.41 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have t...

4.7CVSS2.7AI score0.07048EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2016/11/08 8:0 a.m.41 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

9.3CVSS2.6AI score0.19641EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/08/09 7:0 a.m.41 views

Windows PDF Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

9.3CVSS3.5AI score0.18537EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2016/07/12 7:0 a.m.41 views

Secure Boot Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, ...

6.2CVSS3.6AI score0.01486EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/07/12 7:0 a.m.41 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

9.3CVSS8.5AI score0.23051EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/06/14 7:0 a.m.41 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...

7.6CVSS7.6AI score0.17401EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/05/10 7:0 a.m.41 views

Windows DLL Loading Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library DLL files. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete...

7.8CVSS4.6AI score0.04444EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.40 views

Windows TCP/IP Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network...

9.6CVSS5.8AI score0.00438EPSS
Exploits0
Total number of security vulnerabilities5000