Логотип exploitDog
source:"msrc"
Консоль
Логотип exploitDog

exploitDog

source:"msrc"

Количество 18 763

Количество 18 763

msrc логотип

CVE-2020-1438

больше 5 лет назад

Windows Network Connections Service Elevation of Privilege Vulnerability

CVSS3: 7
EPSS: Низкий
msrc логотип

CVE-2020-14387

около 4 лет назад

CVSS3: 7.4
EPSS: Низкий
msrc логотип

CVE-2020-14386

больше 5 лет назад

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-14385

больше 5 лет назад

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown or otherwise rendered inaccessible until it is remounted leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVSS3: 5.5
EPSS: Низкий
msrc логотип

CVE-2020-14383

больше 1 года назад

CVSS3: 6.5
EPSS: Низкий
msrc логотип

CVE-2020-14381

около 5 лет назад

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-1437

больше 5 лет назад

Windows Network Location Awareness Service Elevation of Privilege Vulnerability

CVSS3: 7
EPSS: Низкий
msrc логотип

CVE-2020-14378

5 месяцев назад

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

CVSS3: 3.3
EPSS: Низкий
msrc логотип

CVE-2020-14376

5 месяцев назад

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-14372

почти 5 лет назад

A flaw was found in grub2 in versions prior to 2.06 where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2020-1436

больше 5 лет назад

Windows Font Library Remote Code Execution Vulnerability

CVSS3: 6.3
EPSS: Средний
msrc логотип

CVE-2020-14364

больше 5 лет назад

CVSS3: 5
EPSS: Средний
msrc логотип

CVE-2020-1435

больше 5 лет назад

GDI+ Remote Code Execution Vulnerability

CVSS3: 6.3
EPSS: Средний
msrc логотип

CVE-2020-14356

больше 5 лет назад

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-14352

около 5 лет назад

CVSS3: 8
EPSS: Низкий
msrc логотип

CVE-2020-14351

около 5 лет назад

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-14350

больше 5 лет назад

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such extension. This affects PostgreSQL versions before 12.4 before 11.9 before 10.14 before 9.6.19 and before 9.5.23.

CVSS3: 7.3
EPSS: Низкий
msrc логотип

CVE-2020-1434

больше 5 лет назад

Windows Sync Host Service Elevation of Privilege Vulnerability

CVSS3: 4.5
EPSS: Низкий
msrc логотип

CVE-2020-14349

больше 5 лет назад

It was found that PostgreSQL versions before 12.4 before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 in order to execute arbitrary SQL command in the context of the user used for replication.

CVSS3: 7.1
EPSS: Низкий
msrc логотип

CVE-2020-14343

больше 2 лет назад

CVSS3: 9.8
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
msrc логотип
CVE-2020-1438

Windows Network Connections Service Elevation of Privilege Vulnerability

CVSS3: 7
0%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 7.4
0%
Низкий
около 4 лет назад
msrc логотип
CVE-2020-14386

A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS3: 7.8
1%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-14385

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown or otherwise rendered inaccessible until it is remounted leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVSS3: 5.5
0%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 6.5
0%
Низкий
больше 1 года назад
msrc логотип
CVE-2020-14381

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.

CVSS3: 7.8
1%
Низкий
около 5 лет назад
msrc логотип
CVE-2020-1437

Windows Network Location Awareness Service Elevation of Privilege Vulnerability

CVSS3: 7
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

CVSS3: 3.3
0%
Низкий
5 месяцев назад
msrc логотип
CVE-2020-14376

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
0%
Низкий
5 месяцев назад
msrc логотип
CVE-2020-14372

A flaw was found in grub2 in versions prior to 2.06 where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.5
1%
Низкий
почти 5 лет назад
msrc логотип
CVE-2020-1436

Windows Font Library Remote Code Execution Vulnerability

CVSS3: 6.3
11%
Средний
больше 5 лет назад
msrc логотип
CVSS3: 5
11%
Средний
больше 5 лет назад
msrc логотип
CVE-2020-1435

GDI+ Remote Code Execution Vulnerability

CVSS3: 6.3
36%
Средний
больше 5 лет назад
msrc логотип
CVSS3: 7.8
1%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 8
4%
Низкий
около 5 лет назад
msrc логотип
CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
0%
Низкий
около 5 лет назад
msrc логотип
CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such extension. This affects PostgreSQL versions before 12.4 before 11.9 before 10.14 before 9.6.19 and before 9.5.23.

CVSS3: 7.3
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-1434

Windows Sync Host Service Elevation of Privilege Vulnerability

CVSS3: 4.5
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-14349

It was found that PostgreSQL versions before 12.4 before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 in order to execute arbitrary SQL command in the context of the user used for replication.

CVSS3: 7.1
2%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 9.8
14%
Средний
больше 2 лет назад

Уязвимостей на страницу