Lucene search
K
MscveMost viewed

21761 matches found

Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.34 views

Windows dnsrslvr.dll Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...

7.8CVSS3.3AI score0.00992EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.34 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8CVSS2.9AI score0.00903EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.34 views

Windows Event Viewer Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows Event Viewer eventvwr.msc when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE declaration...

5.5CVSS4.9AI score0.12672EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2019/06/11 7:0 a.m.34 views

Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

9.3CVSS1.8AI score0.06558EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.34 views

Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way Windows Error Reporting WER handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts wit...

7.8CVSS3.5AI score0.05207EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.34 views

Windows TCP/IP Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have ...

7.5CVSS2.1AI score0.07877EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.34 views

Windows CSRSS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem CSRSS fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete...

7.8CVSS4.3AI score0.03662EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.34 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

7.6CVSS1.4AI score0.08957EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.34 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...

7.6CVSS7.9AI score0.81551EPSS
Exploits6
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.34 views

OLE Automation Remote Code Execution Vulnerability

A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system. To exploit the vulnerability, an attacker could host a specially crafted website designed to...

9.3CVSS4AI score0.15479EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/03/12 7:0 a.m.34 views

Windows DHCP Client Remote Code Execution Vulnerability

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send...

9.8CVSS3.4AI score0.54036EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/03/12 7:0 a.m.34 views

Windows Hyper-V Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application...

6.8CVSS1.9AI score0.019EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/02/12 8:0 a.m.34 views

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser. In a web-based attack scenario, an attacker could host a websi...

4.3CVSS1.9AI score0.05432EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/02/12 8:0 a.m.34 views

Microsoft Excel Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...

6.5CVSS1.1AI score0.0643EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.34 views

Microsoft SharePoint Server Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in...

8.8CVSS2.6AI score0.06127EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.34 views

DirectX Information Disclosure Vulnerability

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a...

5.5CVSS1.6AI score0.01819EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/12/11 8:0 a.m.34 views

.NET Framework Denial Of Service Vulnerability

A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without...

7.5CVSS2.9AI score0.0583EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.34 views

Internet Explorer Memory Corruption Vulnerability

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit...

7.6CVSS1.5AI score0.14159EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.34 views

Microsoft Outlook Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

9.3CVSS2.7AI score0.18594EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.34 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS1.2AI score0.01605EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.34 views

Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

9.3CVSS1.8AI score0.19059EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.34 views

Windows Elevation Of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media USB, DVD, etc. with the “keep nothing” option selected during installation. Successful exploitation of the vulnerability could allow an attacker to gain local access to an affected system...

6.9CVSS6.5AI score0.01239EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.34 views

DirectX Information Disclosure Vulnerability

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a...

5.5CVSS1.6AI score0.01682EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.34 views

Linux On Windows Elevation Of Privilege Vulnerability

An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs;...

7.8CVSS2.7AI score0.01177EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/10/09 7:0 a.m.34 views

Microsoft JET Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user right...

9.3CVSS1.8AI score0.32705EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.34 views

Lync for Mac 2011 Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages. An attacker who successfully exploited this vulnerability could cause a targeted Lync for Mac 2011 user's system to browse to an attacker-specified website or automatically...

7.5CVSS3.7AI score0.38177EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2018/09/11 7:0 a.m.34 views

Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to download an image fil...

8.8CVSS4AI score0.14646EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.34 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the...

5.5CVSS2.2AI score0.06849EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.34 views

Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could...

9.3CVSS2.6AI score0.73968EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/07/10 7:0 a.m.34 views

Microsoft Wireless Display Adapter Command Injection Vulnerability

A command injection vulnerability exists in the Microsoft Wireless Display Adapter MWDA when the Microsoft Wireless Display Adapter does not properly manage user input. For this vulnerability to be exploited, the attacker must be authenticated logged on to the target display. To exploit the...

5.5CVSS2.9AI score0.02884EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/07/10 7:0 a.m.34 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...

7.6CVSS7.1AI score0.70028EPSS
Exploits3
Microsoft CVE
Microsoft CVE
added 2018/07/10 7:0 a.m.34 views

Microsoft Edge Spoofing Vulnerability

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as...

6.1CVSS1AI score0.06413EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/06/12 7:0 a.m.34 views

Windows Desktop Bridge Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or...

7CVSS4AI score0.03152EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2018/06/12 7:0 a.m.34 views

Microsoft Publisher Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. To...

7.8CVSS3.3AI score0.15416EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.34 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.23069EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.34 views

Microsoft SharePoint Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS1.2AI score0.02618EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.34 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.6AI score0.23069EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/05/08 7:0 a.m.34 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...

4.7CVSS1.7AI score0.0244EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/04/10 7:0 a.m.34 views

Graphics Component Font Parsing Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete dat...

7CVSS3.4AI score0.01152EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/04/10 7:0 a.m.34 views

Device Guard Security Feature Bypass Vulnerability

A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard...

5.3CVSS2.1AI score0.0236EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2018/04/10 7:0 a.m.34 views

Windows VBScript Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

9.3CVSS7.4AI score0.18925EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.34 views

.NET Core Denial of Service Vulnerability

A denial of service vulnerability exists in the way that .NET Core handles specially crafted requests, causing a hash collision. To exploit the vulnerability, an attacker could send a small number of specially crafted requests to an .NET Core web application, causing performance to degrade...

7.5CVSS1.9AI score0.09436EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.34 views

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

4.3CVSS1.5AI score0.05719EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/03/13 7:0 a.m.34 views

Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity UMCI policy on the machine. To exploit the vulnerability, an attacke...

7.8CVSS1.7AI score0.01157EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.34 views

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attac...

4.3CVSS0.7AI score0.05605EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/02/13 8:0 a.m.34 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...

4.7CVSS1.7AI score0.02076EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/01/09 8:0 a.m.34 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS8.3AI score0.24398EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/12/07 8:0 a.m.34 views

Microsoft Malware Protection Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSyste...

9.3CVSS2.2AI score0.19759EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2017/11/14 8:0 a.m.34 views

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

4.7CVSS3.1AI score0.02184EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2017/10/10 7:0 a.m.34 views

W - SMB - DOS Authenticated

A denial of service vulnerability exists in the Microsoft Server Block Message SMB when an authenticated attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker...

7.8CVSS1.7AI score0.14399EPSS
Exploits0
Total number of security vulnerabilities5000