Lucene search
K
MicrosoftWindows 102004

913 matches found

CVE
CVE
added 2021/05/11 12:0 a.m.620 views

CVE-2020-24588

The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/ A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...

3.5CVSS6.4AI score0.03537EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.437 views

CVE-2020-1206

CVE-2020-1206 is an information disclosure vulnerability in SMBv3 (Microsoft Server Message Block 3.1.1) that affects the SMBv3 client/server handling of certain requests. The connected documents describe an information disclosure in SMBv3 and note that attackers can chain SMBleed with SMBGhost t...

7.5CVSS7.4AI score0.0954EPSS
In wild
CVE
CVE
added 2021/01/12 7:42 p.m.378 views

CVE-2021-1648

CVE-2021-1648 is a Windows splwow64 Elevation of Privilege vulnerability. The affected component is splwow64 (Printer subsystem interaction with 32-bit print path). The CVE is publicly documented with a high-severity CVSS, reflecting local access and privilege escalation potential. The connected ...

7.8CVSS7.7AI score0.01229EPSS
In wild
CVE
CVE
added 2021/07/16 8:19 p.m.378 views

CVE-2021-34481

CVE-2021-34481 is a Windows Print Spooler remote code execution vulnerability. A low-privilege user could stage and install vulnerable printer drivers into the driver store and then escalate to SYSTEM by exploiting the spooler’s driver-install path. Affected scope includes Windows 8.1 and newer; ...

9.8CVSS9AI score0.45423EPSS
In wild
CVE
CVE
added 2021/06/08 10:46 p.m.353 views

CVE-2021-26414

CVE-2021-26414 is a Windows DCOM Server Security Feature Bypass. Connected docs confirm a DCOM hardening series (phase 3) and note mitigations: after applying relevant updates, DCOM hardening changes are permanent and cannot be disabled via registry. Microsoft guidance recommends enabling DCOM au...

6.5CVSS6.9AI score0.4997EPSS
CVE
CVE
added 2020/07/29 5:45 p.m.349 views

CVE-2020-15707

CVE-2020-15707 is a GRUB2 bootloader vulnerability (initrd size handling) causing a heap-based buffer overflow via integer overflow in initrd processing. The flaw affects GRUB2 2.04 and earlier as deployed in multiple distros (Debian, Red Hat, Ubuntu) and can enable arbitrary code execution durin...

6.4CVSS7.6AI score0.01588EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.338 views

CVE-2020-1269

Technical details for CVE-2020-1269 are not provided in the supplied documents. Monitor for updates from official sources.

7.8CVSS7.7AI score0.00946EPSS
In wild
CVE
CVE
added 2020/07/29 5:45 p.m.334 views

CVE-2020-15706

CVE-2020-15706 affects GRUB2 (2.04 and earlier) and is a race-condition/use-after-free in grub_script_function_create() triggered by redefining a function during execution, leading to arbitrary code execution and Secure Boot restriction bypass. Remediation is to upgrade to patched GRUB2 packages ...

6.4CVSS7.7AI score0.00977EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.326 views

CVE-2021-34514

CVE-2021-34514 is identified as a Windows Kernel elevation-of-privilege vulnerability. The available connected documents confirm a Windows Kernel issue with elevation of privilege but do not provide concrete technical details (root cause, affected component/version, exploit specifics, or a remedi...

7.8CVSS8.2AI score0.00668EPSS
In wild
CVE
CVE
added 2020/07/29 5:45 p.m.322 views

CVE-2020-15705

GRUB2 ≤ 2.04 fails to validate kernel signatures when booting directly without shim, allowing Secure Boot bypass if the kernel signing certificate is in the Secure Boot DB. The issue affects GRUB2 2.04 and earlier; upgrades to patched grub2/shim combinations are advised (e.g., 2.06+ and related s...

6.4CVSS7.1AI score0.01434EPSS
CVE
CVE
added 2021/09/15 11:23 a.m.299 views

CVE-2021-38633

CVE-2021-38633 affects Windows CLFS driver (Common Log File System). Connected sources provide concrete technical detail: the vulnerability is a local privilege escalation in clfs.sys, related to CLFS container/file creation paths and privilege checks (e.g., CClfsBaseFilePersisted::CreateContaine...

7.8CVSS8AI score0.00887EPSS
In wild
CVE
CVE
added 2021/08/12 6:11 p.m.297 views

CVE-2021-26424

The CVE-2021-26424 issue is a Windows TCP/IP remote code execution vulnerability. According to the NCSC advisory, it can be remotely triggered by a malicious IPv6 ping from a Hyper‑V guest to the Hyper‑V host, with exploitation achieved by sending a specially crafted TCP/IP packet to the host usi...

9.9CVSS8.8AI score0.58898EPSS
CVE
CVE
added 2021/09/15 11:23 a.m.295 views

CVE-2021-36963

Technical details about CVE-2021-36963 are not provided in the supplied documents. Public disclosures among the connected items do not specify affected products, root cause, impact, or fixes beyond the general vendor advisory; monitor for official updates.

7.8CVSS8AI score0.00977EPSS
In wild
CVE
CVE
added 2020/09/11 5:8 p.m.294 views

CVE-2020-1013

Technical details specific to CVE-2020-1013 are not provided in the supplied documents. The connected KB articles reference other updates and vulnerabilities but do not reveal CVE-2020-1013 specifics. Monitor for updates.

9.3CVSS7.5AI score0.06405EPSS
CVE
CVE
added 2020/08/17 7:12 p.m.290 views

CVE-2020-1337

CVE-2020-1337 is a local privilege-escalation vulnerability in the Windows Print Spooler. It results from a bypass of the CVE-2020-1048 patch via a Junction Directory, allowing an unprivileged user to achieve elevation by abusing how the spooler writes to the file system. The risk is local (no ne...

7.8CVSS8.2AI score0.14179EPSS
In wild
CVE
CVE
added 2020/11/11 6:48 a.m.287 views

CVE-2020-1599

CVE-2020-1599 is referenced in connected material (notably Microsoft ZLoader defense-evasion coverage) as a vulnerability used to aid attacker techniques (e.g., signing/validating files to mask malice). The documents do not provide concrete technical details on the root cause, affected products/v...

5.5CVSS7.2AI score0.19124EPSS
In wild
CVE
CVE
added 2020/06/09 7:44 p.m.285 views

CVE-2020-1307

Technical details for CVE-2020-1307 are not publicly provided in the supplied documents. Monitor for updates from official sources for affected products, impact, and remediation if available.

9.3CVSS7.7AI score0.03763EPSS
In wild
CVE
CVE
added 2021/05/11 7:11 p.m.285 views

CVE-2021-31167

CVE-2021-31167 is a Windows vulnerability in the Container Manager Service that enables Elevation of Privilege. It is a local, low-attack-complexity issue with high impact (confidentiality/ integrity/ availability), allowing an attacker with low privileges to escalate. Public exploits are noted f...

7.8CVSS7.6AI score0.01013EPSS
In wild
CVE
CVE
added 2021/01/12 7:42 p.m.277 views

CVE-2021-1678

CVE-2021-1678 affects the Windows Print Spooler service and is described in Connected documents as an arbitrary code execution vulnerability. The available connected document provides a PoC exploit (Exploit for CVE-2021-1678) hosted on Gitee, contained in a Docker container with a Python script s...

8.8CVSS8AI score0.0938EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.277 views

CVE-2021-43217

CVE-2021-43217 is a Windows Encrypting File System (EFS) remote code execution vulnerability. The connected exploit document documents a practical demonstration of an EFS bypass on Windows 10 and shows use of Kali Linux, Metasploit and reverse TCP payloads, indicating an attacker could achieve co...

9.8CVSS9.1AI score0.06419EPSS
In wild
CVE
CVE
added 2021/05/11 7:11 p.m.274 views

CVE-2021-28476

CVE-2021-28476 is a Hyper-V vmswitch.sys vulnerability enabling guest-to-host access via an out-of-bounds read in VmsIfrInfoParams_OID_SWITCH_NIC_REQUEST when processing OID_SWITCH_NIC_REQUEST. Public PoC/exploit code exists (e.g., 0vercl0k and LaCeeKa repos) and prior reports describe guest-trig...

9.9CVSS9.7AI score0.38625EPSS
CVE
CVE
added 2021/08/12 6:12 p.m.271 views

CVE-2021-34487

Technical details for CVE-2021-34487 are not publicly available in the provided connected documents. Monitor for updates from Microsoft and CVE records; no concrete affected products, root cause, or fixes are described here.

7.8CVSS7.6AI score0.0052EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.267 views

CVE-2020-1274

Technical details for CVE-2020-1274 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified here. Monitor for updates from official advisories and EUVD entries for any new information.

7.8CVSS7.7AI score0.00795EPSS
In wild
CVE
CVE
added 2021/08/12 6:11 p.m.267 views

CVE-2021-26432

CVE-2021-26432 is a remote code execution vulnerability in the Windows Services for NFS ONCRPC XDR Driver. The issue allows an attacker to execute arbitrary code on a vulnerable system via the ONCRPC XDR Driver component, with high impact (C/H/I/A = HIGH) and network access (CVSS scores reflect r...

9.8CVSS8.8AI score0.10326EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.265 views

CVE-2020-16916

CVE-2020-16916 is a Windows elevation-of-privilege flaw in the COM server object creation path. The root cause is Windows handling of COM object creation, allowing an attacker who can log on to run a specially crafted application that exploits the vulnerability to gain elevated code execution. Mi...

7.8CVSS8.2AI score0.00976EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.264 views

CVE-2020-1275

Technical details for CVE-2020-1275 are not publicly available in the provided documents. Monitor for updates from official advisories; no confirmed affected products, impact, or remediation are stated here.

7.8CVSS7.7AI score0.00795EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.263 views

CVE-2020-1237

Technical details for CVE-2020-1237 are not publicly available in the provided documents. The connected EUVD entries do not supply product/version/impact specifics. Monitor for updates.

7.8CVSS7.8AI score0.03158EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.260 views

CVE-2020-1276

Technical details for CVE-2020-1276 are not publicly available in the provided documents. Monitoring for updates is recommended.

7.8CVSS7.7AI score0.00875EPSS
In wild
CVE
CVE
added 2021/12/15 2:15 p.m.260 views

CVE-2021-43883

CVE-2021-43883 is a Windows Installer Elevation of Privilege vulnerability. The Windows Installer component can be abused when a user is tricked into installing a malicious package, enabling an attacker to gain elevated privileges on the system. The CVSS details in the provided data show a local ...

7.8CVSS8.7AI score0.11963EPSS
In wild
CVE
CVE
added 2020/06/09 7:44 p.m.259 views

CVE-2020-1316

CVE-2020-1316 is a Windows kernel elevation of privilege vulnerability where the Windows kernel fails to properly handle objects in memory. This can allow a local attacker with low privileges to achieve high integrity/critical impact (confidentiality, integrity, and availability), as indicated by...

7.8CVSS7.7AI score0.00901EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.257 views

CVE-2020-1262

Technical details for CVE-2020-1262 are not publicly available in the provided documents. Monitor for updates from official advisories.

7.8CVSS7.7AI score0.00856EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.254 views

CVE-2020-1246

Technical details for CVE-2020-1246 are not publicly provided in the supplied documents. Monitor for updates from official advisories and connected sources.

7.8CVSS7.7AI score0.00901EPSS
In wild
CVE
CVE
added 2021/03/11 3:38 p.m.252 views

CVE-2021-26868

Technical details about CVE-2021-26868 are not publicly provided in the supplied documents; monitor for updates.

7.8CVSS8.4AI score0.02674EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.250 views

CVE-2020-1266

CVE-2020-1266 is a Windows kernel elevation-of-privilege vulnerability. The description attributes the issue to improper handling of objects in memory, enabling local privilege escalation with high impact (local access, minimal authentication). The provided metrics show a high base score (CVSS v3...

7.8CVSS7.7AI score0.00856EPSS
In wild
CVE
CVE
added 2020/06/09 7:44 p.m.250 views

CVE-2020-1301

CVE-2020-1301 is a SMBv1 remote code execution vulnerability that requires authentication on the target network. Publicly available guidance and advisories confirm SMBv1 handling flaws can allow code execution when a specially crafted packet is processed by an SMBv1 server. Connected advisories (...

8.8CVSS8.5AI score0.36708EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.249 views

CVE-2020-1273

Technical details for CVE-2020-1273 are not provided in the connected documents. Monitor official advisories for updates; no validated exploit, affected products, or remediation information are included here.

7.8CVSS7.7AI score0.00738EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.243 views

CVE-2020-1264

Technical details for CVE-2020-1264 are not publicly available in the provided documents; no affected products, impact, exploit information, or remediation are specified here. Monitor for updates.

7.8CVSS7.7AI score0.00795EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.242 views

CVE-2020-1300

CVE-2020-1300 is a Windows remote code execution vulnerability that arises when Cabinet (.cab) files are not handled securely. The vulnerability can be exploited by convincing a user to open a specially crafted CAB file or by spoofing a network printer and tricking the user into installing a mali...

8.8CVSS8.3AI score0.59518EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.240 views

CVE-2021-43207

Technical details (affected component, root cause, exploitability, and fixes) for CVE-2021-43207 are not provided in the connected documents. Only the vulnerability name and CVSS metrics are present. Monitor official disclosures for specifics.

7.8CVSS8.6AI score0.00632EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.239 views

CVE-2020-1299

CVE-2020-1299 is a Windows remote code execution vulnerability that occurs when a malicious or specially crafted .LNK file is processed. The available connected document explicitly states it is an RCE in LNK file processing and that exploitation would grant the attacker the same user rights as th...

9.3CVSS8.4AI score0.14544EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.237 views

CVE-2021-28455

Technical details about CVE-2021-28455 (affected components, root cause, impact, and fixes) are not publicly provided in the supplied documents; monitor for updates.

8.8CVSS9.3AI score0.0212EPSS
CVE
CVE
added 2021/08/12 6:12 p.m.236 views

CVE-2021-36936

Technical details about CVE-2021-36936 are not publicly provided in the connected documents. No vendor/product/version specifics or remediation steps are present here. Monitor for updates from official advisories and trusted security trackers.

9.8CVSS9AI score0.06762EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.225 views

CVE-2020-16938

CVE-2020-16938 is a Windows Kernel information-disclosure vulnerability where the kernel improperly handles objects in memory, enabling a locally logged-on attacker to obtain information that could aid further compromise. The issue is targeted at the Windows kernel memory handling (information di...

5.5CVSS6AI score0.02334EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.224 views

CVE-2020-16891

Technical details for CVE-2020-16891 are not provided in the connected documents. Public details appear limited to the initial description; monitor for updates and additional disclosures.

8.8CVSS9.4AI score0.00937EPSS
CVE
CVE
added 2021/03/11 3:43 p.m.224 views

CVE-2021-26899

Technical details for CVE-2021-26899, including affected product/version, root cause, impact, and fix, are not provided in the connected documents. Monitor for updates from official sources.

7.8CVSS8.6AI score0.0086EPSS
In wild
CVE
CVE
added 2021/08/12 6:12 p.m.224 views

CVE-2021-34535

CVE-2021-34535 is a Remote Desktop Client remote code execution vulnerability in Windows. According to the connected sources, it affects the Windows Remote Desktop Client component and is rated High (CVSS v3.1 base 8.8). Exploitation was addressed in Microsoft’s August 2021 Patch Tuesday updates;...

8.8CVSS8.8AI score0.18354EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.222 views

CVE-2021-41335

Technical details for CVE-2021-41335 are not publicly available in the provided documents. Monitor for updates.

7.8CVSS8AI score0.01338EPSS
CVE
CVE
added 2021/09/15 11:24 a.m.219 views

CVE-2021-38671

Technical details about CVE-2021-38671 are not publicly available in the provided documents; monitor for updates and cross-check with official advisories for affected products and fixes.

7.8CVSS8AI score0.00479EPSS
CVE
CVE
added 2021/10/13 12:26 a.m.216 views

CVE-2021-26441

CVE-2021-26441 is a local-elevation vulnerability in the Storage Spaces Controller. CVSSv3.1 base 7.8 (HIGH): LOCAL vector, LOW privileges required, no user interaction; impacts on confidentiality, integrity, and availability are High. The provided documents do not specify affected product/versio...

7.8CVSS7.9AI score0.00922EPSS
CVE
CVE
added 2021/08/12 6:11 p.m.216 views

CVE-2021-34480

Technical details about CVE-2021-34480 are not provided in the connected documents. Public descriptions exist, but no specifics on affected products, root cause, impact, or fixes are included here. Monitor for updates.

8.8CVSS7.8AI score0.31825EPSS
Total number of security vulnerabilities913