Логотип exploitDog
source:"msrc"
Консоль
Логотип exploitDog

exploitDog

source:"msrc"

Количество 18 769

Количество 18 769

msrc логотип

CVE-2020-14352

больше 5 лет назад

CVSS3: 8
EPSS: Низкий
msrc логотип

CVE-2020-14351

около 5 лет назад

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-14350

больше 5 лет назад

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such extension. This affects PostgreSQL versions before 12.4 before 11.9 before 10.14 before 9.6.19 and before 9.5.23.

CVSS3: 7.3
EPSS: Низкий
msrc логотип

CVE-2020-1434

больше 5 лет назад

Windows Sync Host Service Elevation of Privilege Vulnerability

CVSS3: 4.5
EPSS: Низкий
msrc логотип

CVE-2020-14349

больше 5 лет назад

It was found that PostgreSQL versions before 12.4 before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 in order to execute arbitrary SQL command in the context of the user used for replication.

CVSS3: 7.1
EPSS: Низкий
msrc логотип

CVE-2020-14343

больше 2 лет назад

CVSS3: 9.8
EPSS: Средний
msrc логотип

CVE-2020-14342

больше 5 лет назад

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission such as via sudo rules could use this flaw to escalate their privileges.

CVSS3: 7
EPSS: Низкий
msrc логотип

CVE-2020-1433

больше 5 лет назад

Microsoft Edge PDF Information Disclosure Vulnerability

CVSS3: 4.3
EPSS: Средний
msrc логотип

CVE-2020-14331

больше 5 лет назад

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console calling an ioctl VT_RESIZE which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.6
EPSS: Низкий
msrc логотип

CVE-2020-1432

больше 5 лет назад

Skype for Business via Internet Explorer Information Disclosure Vulnerability

CVSS3: 4.3
EPSS: Низкий
msrc логотип

CVE-2020-14323

больше 1 года назад

CVSS3: 5.5
EPSS: Низкий
msrc логотип

CVE-2020-1431

больше 5 лет назад

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVSS3: 7.1
EPSS: Низкий
msrc логотип

CVE-2020-14318

больше 1 года назад

CVSS3: 4.3
EPSS: Низкий
msrc логотип

CVE-2020-14314

больше 5 лет назад

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

CVSS3: 5.5
EPSS: Низкий
msrc логотип

CVE-2020-14311

больше 5 лет назад

CVSS3: 6
EPSS: Низкий
msrc логотип

CVE-2020-14310

7 месяцев назад

CVSS3: 6
EPSS: Низкий
msrc логотип

CVE-2020-1430

больше 5 лет назад

Windows UPnP Device Host Elevation of Privilege Vulnerability

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2020-14309

больше 5 лет назад

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

CVSS3: 6.7
EPSS: Низкий
msrc логотип

CVE-2020-14308

больше 5 лет назад

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity confidentiality and availability impacts during the boot process.

CVSS3: 6.4
EPSS: Низкий
msrc логотип

CVE-2020-1429

больше 5 лет назад

Windows Error Reporting Manager Elevation of Privilege Vulnerability

CVSS3: 7
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
msrc логотип
CVSS3: 8
4%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-14351

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
0%
Низкий
около 5 лет назад
msrc логотип
CVE-2020-14350

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such extension. This affects PostgreSQL versions before 12.4 before 11.9 before 10.14 before 9.6.19 and before 9.5.23.

CVSS3: 7.3
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-1434

Windows Sync Host Service Elevation of Privilege Vulnerability

CVSS3: 4.5
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-14349

It was found that PostgreSQL versions before 12.4 before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 in order to execute arbitrary SQL command in the context of the user used for replication.

CVSS3: 7.1
2%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 9.8
14%
Средний
больше 2 лет назад
msrc логотип
CVE-2020-14342

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission such as via sudo rules could use this flaw to escalate their privileges.

CVSS3: 7
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-1433

Microsoft Edge PDF Information Disclosure Vulnerability

CVSS3: 4.3
25%
Средний
больше 5 лет назад
msrc логотип
CVE-2020-14331

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console calling an ioctl VT_RESIZE which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.6
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-1432

Skype for Business via Internet Explorer Information Disclosure Vulnerability

CVSS3: 4.3
10%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 5.5
0%
Низкий
больше 1 года назад
msrc логотип
CVE-2020-1431

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVSS3: 7.1
0%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 4.3
0%
Низкий
больше 1 года назад
msrc логотип
CVE-2020-14314

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

CVSS3: 5.5
0%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 6
0%
Низкий
больше 5 лет назад
msrc логотип
CVSS3: 6
0%
Низкий
7 месяцев назад
msrc логотип
CVE-2020-1430

Windows UPnP Device Host Elevation of Privilege Vulnerability

CVSS3: 7.8
1%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-14309

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.

CVSS3: 6.7
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-14308

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity confidentiality and availability impacts during the boot process.

CVSS3: 6.4
0%
Низкий
больше 5 лет назад
msrc логотип
CVE-2020-1429

Windows Error Reporting Manager Elevation of Privilege Vulnerability

CVSS3: 7
0%
Низкий
больше 5 лет назад

Уязвимостей на страницу