Lucene search
K
MscveMost viewed

21761 matches found

Microsoft CVE
Microsoft CVE
added 2020/11/10 8:0 a.m.34 views

Azure Sphere Elevation of Privilege Vulnerability

...

7.2CVSS6.7AI score0.00699EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.34 views

Microsoft Office Click-to-Run Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...

7.8CVSS3.1AI score0.03158EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.34 views

Windows Text Services Framework Information Disclosure Vulnerability

An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow a...

5.5CVSS1.6AI score0.01233EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/13 7:0 a.m.34 views

Windows Application Compatibility Client Library Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need cod...

7.8CVSS4.3AI score0.0142EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.34 views

Microsoft Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...

5.5CVSS2.2AI score0.01079EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.34 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

8.8CVSS2.6AI score0.03665EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.34 views

Win32k Information Disclosure Vulnerability

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to eithe...

5.5CVSS1.6AI score0.01129EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.34 views

OneDrive for Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...

7.1CVSS2.4AI score0.00998EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.34 views

Windows Shell Infrastructure Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker would first have to log on ...

7.8CVSS3AI score0.00931EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.34 views

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

7.4CVSS0.9AI score0.02687EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/09/08 7:0 a.m.34 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security conte...

8.8CVSS2.1AI score0.03703EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.34 views

Windows Backup Engine Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi...

7.8CVSS4.3AI score0.00912EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/08/11 7:0 a.m.34 views

Microsoft SharePoint Spoofing Vulnerability

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...

5.5CVSS0.8AI score0.01749EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.34 views

Windows Update Stack Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or...

7.8CVSS3.3AI score0.01323EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.34 views

Windows Sync Host Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. To...

5.3CVSS3.9AI score0.00775EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.35 views

Windows Address Book Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Address Book WAB improperly processes vcard files. To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book WAB. After successfully exploiting the vulnerability, an attacker coul...

9.3CVSS3.6AI score0.11536EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/07/14 7:0 a.m.34 views

Windows Runtime Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...

7.8CVSS4.4AI score0.00708EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/06/09 7:0 a.m.34 views

VBScript Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

7.6CVSS8.1AI score0.08022EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2020/06/09 7:0 a.m.34 views

Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could...

9.3CVSS2.6AI score0.1178EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/06/09 7:0 a.m.34 views

Microsoft Outlook Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the target...

4.3CVSS2.3AI score0.03844EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.34 views

Microsoft Edge Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used ...

8.1CVSS3AI score0.03291EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.34 views

Connected User Experiences and Telemetry Service Denial of Service Vulnerability

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. To exploit this vulnerability, an attacker would...

5.5CVSS3.2AI score0.01025EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.34 views

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by entici...

9.3CVSS4.3AI score0.11548EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.34 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

7.8CVSS3.3AI score0.00856EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.34 views

Microsoft Dynamics Business Central/NAV Information Disclosure

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that are in a...

7.5CVSS1.3AI score0.06158EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.34 views

Microsoft SharePoint Spoofing Vulnerability

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...

5.4CVSS0.8AI score0.01626EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.34 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.02194EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.34 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.00998EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/03/10 7:0 a.m.34 views

DirectX Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...

10CVSS2.8AI score0.06803EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/02/11 8:0 a.m.34 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other...

8.1CVSS3.2AI score0.03264EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/02/11 8:0 a.m.34 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

7.8CVSS3.3AI score0.01367EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/01/14 8:0 a.m.34 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.17168EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/01/14 8:0 a.m.34 views

Microsoft Graphics Component Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this...

5.5CVSS2.5AI score0.05927EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.34 views

Microsoft PowerPoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.9AI score0.18328EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.34 views

Git for Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wit...

8.8CVSS4.1AI score0.04426EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.34 views

Git for Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wit...

9.3CVSS4.1AI score0.22427EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.34 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

7.8CVSS4.1AI score0.01751EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.34 views

Azure Stack Spoofing Vulnerability

A spoofing vulnerability exists when Azure Stack fails to validate certain requests. An attacker who successfully exploited the vulnerability could make requests to internal Azure Stack resources. An attacker could exploit the vulnerability by sending a specially crafted request to the Azure Stac...

7.5CVSS2AI score0.57938EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.34 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.01131EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.34 views

Windows Modules Installer Service Information Disclosure Vulnerability

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. To exploit the vulnerability, an attacker would have to log onto an...

3.5CVSS2.3AI score0.01629EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.34 views

Remote Desktop Client Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...

9.3CVSS2.3AI score0.14909EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.34 views

Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...

7.8CVSS3.8AI score0.00902EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.34 views

Windows Imaging API Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would ha...

9.3CVSS4.5AI score0.34205EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.34 views

VBScript Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

7.6CVSS7.1AI score0.07053EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.34 views

MS XML Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could hos...

9.3CVSS4.1AI score0.12906EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.34 views

Windows Text Service Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Text Service Framework TSF when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious...

7.8CVSS4AI score0.00577EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.34 views

Microsoft SharePoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm...

8.8CVSS2.2AI score0.07784EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/09/10 7:0 a.m.34 views

Microsoft SharePoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...

8.8CVSS2.9AI score0.10906EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.34 views

Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating syste...

8CVSS3.9AI score0.03841EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.34 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.01934EPSS
Exploits0
Total number of security vulnerabilities5000