CVE-2013-5045

Public exploit
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
Max CVSS
6.2
EPSS Score
0.08%
Published
2013-12-11
Updated
2018-10-12

CVE-2013-3660

Known exploited
Public exploit
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
Max CVSS
6.9
EPSS Score
0.06%
Published
2013-05-24
Updated
2019-02-26
CISA KEV Added
2022-03-28

CVE-2008-2463

Public exploit
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Max CVSS
6.8
EPSS Score
97.18%
Published
2008-07-07
Updated
2017-09-29

CVE-2006-4704

Public exploit
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
Max CVSS
6.8
EPSS Score
96.49%
Published
2006-11-01
Updated
2018-10-17

CVE-2005-2120

Public exploit
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
Max CVSS
6.5
EPSS Score
3.04%
Published
2005-10-13
Updated
2018-10-12
The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.
Max CVSS
6.0
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Max CVSS
6.6
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Compressed Folder Tampering Vulnerability
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Windows USB Hub Driver Remote Code Execution Vulnerability
Max CVSS
6.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-30
Updated
2024-02-06
Microsoft Azure Active Directory B2C Spoofing Vulnerability
Max CVSS
6.8
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-02-23
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-03-12
Windows Kernel Remote Code Execution Vulnerability
Max CVSS
6.8
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-02-21
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
Max CVSS
6.4
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-03-12
Windows Themes Spoofing Vulnerability
Max CVSS
6.5
EPSS Score
0.07%
Published
2024-01-09
Updated
2024-01-12
Microsoft Identity Denial of service vulnerability
Max CVSS
6.8
EPSS Score
0.08%
Published
2024-01-09
Updated
2024-01-29
Windows Server Key Distribution Service Security Feature Bypass
Max CVSS
6.1
EPSS Score
0.10%
Published
2024-01-09
Updated
2024-01-12
Microsoft Message Queuing Information Disclosure Vulnerability
Max CVSS
6.5
EPSS Score
0.10%
Published
2024-01-09
Updated
2024-01-12
Windows Nearby Sharing Spoofing Vulnerability
Max CVSS
6.5
EPSS Score
0.07%
Published
2024-01-09
Updated
2024-01-14
Windows Hyper-V Denial of Service Vulnerability
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-02-26
Windows Message Queuing Client (MSMQC) Information Disclosure
Max CVSS
6.5
EPSS Score
0.10%
Published
2024-01-09
Updated
2024-01-14
Azure Stack Hub Spoofing Vulnerability
Max CVSS
6.5
EPSS Score
0.07%
Published
2024-02-13
Updated
2024-02-26
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Max CVSS
6.3
EPSS Score
0.11%
Published
2024-01-11
Updated
2024-01-18
BitLocker Security Feature Bypass Vulnerability
Max CVSS
6.6
EPSS Score
0.05%
Published
2024-01-09
Updated
2024-01-14
882 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!