Search
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1467 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-01-04 | 7.2 HIGH | 10.0 CRITICAL |
| <p>An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>The security update addresses the vulnerability by correcting how Windows handles hard links.</p> | |||||
| CVE-2021-24074 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2021-24077 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2021-24094 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2021-26432 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | |||||
| CVE-2021-26424 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 9.9 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2022-29130 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-12-21 | 9.3 HIGH | 9.8 CRITICAL |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||||
| CVE-2021-43215 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | |||||
| CVE-2021-31962 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-01 | 7.5 HIGH | 9.4 CRITICAL |
| Kerberos AppContainer Security Feature Bypass Vulnerability | |||||
| CVE-2020-0646 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | |||||
| CVE-2021-43217 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | |||||
| CVE-2018-8421 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2022-05-23 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0. | |||||
| CVE-2016-4138 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2021-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2018-8540 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2020-09-28 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2. | |||||
| CVE-2019-0736 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. | |||||
| CVE-2019-0626 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1182 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1222, CVE-2019-1226. | |||||
| CVE-2019-1384 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 6.5 MEDIUM | 9.9 CRITICAL |
| A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-1181 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1182, CVE-2019-1222, CVE-2019-1226. | |||||
| CVE-2019-1365 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 9.0 HIGH | 9.9 CRITICAL |
| An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1112 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-05-29 | 9.0 HIGH | 9.9 CRITICAL |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2017-8543 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | |||||
| CVE-2017-11771 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability". | |||||
| CVE-2017-8589 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | |||||
| CVE-2016-7182 | 1 Microsoft | 12 Live Meeting, Lync, Office and 9 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3236 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability." | |||||