Patchapalooza Exploits

312 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-1675 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 < 10.0.10240.18967 - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by TheJoyOfHacking
CVSS 7.8
CVE-2021-1675 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 < 10.0.10240.18967 - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by TheJoyOfHacking
CVSS 7.8
CVE-2021-40449 PATCHAPALOOZA HIGH
Win32k - Privilege Escalation
Win32k Elevation of Privilege Vulnerability
by BL0odz
CVSS 7.8
CVE-2021-1732 PATCHAPALOOZA HIGH
Microsoft Windows 10 1803 - Out-of-Bounds Write
Windows Win32k Elevation of Privilege Vulnerability
by r1l4-i3pur1l4
CVSS 7.8
CVE-2020-0787 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 - Symlink Following
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
by kenyons
CVSS 7.8
CVE-2021-1675 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 < 10.0.10240.18967 - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by AndrewTrube
CVSS 7.8
CVE-2020-1472 PATCHAPALOOZA MEDIUM
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by mirrors_gladiopeace
CVSS 5.5
CVE-2022-21907 PATCHAPALOOZA CRITICAL
HTTP Protocol Stack - RCE
HTTP Protocol Stack Remote Code Execution Vulnerability
by swarupsro
CVSS 9.8
CVE-2021-1675 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 < 10.0.10240.18967 - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
by Cyberfury101
CVSS 7.8
CVE-2021-31956 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 < 10.0.10240.18967 - Integer Underflow
Windows NTFS Elevation of Privilege Vulnerability
by aazhuliang
CVSS 7.8
CVE-2018-8120 PATCHAPALOOZA HIGH
Windows SetImeInfoEx Win32k NULL Pointer Dereference
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
by mirrors_unamer
CVSS 7.0
CVE-2019-0708 PATCHAPALOOZA CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by mirrors_n1xbyte
CVSS 9.8
CVE-2018-8120 PATCHAPALOOZA HIGH
Windows SetImeInfoEx Win32k NULL Pointer Dereference
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
by mirrors_alpha1ab
CVSS 7.0
CVE-2020-0688 PATCHAPALOOZA HIGH
Microsoft Exchange Server - Authentication Bypass
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
by mirrors_zcgonvh
CVSS 8.8
CVE-2020-0683 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 - Symlink Following
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
by mirrors_padovah4ck
CVSS 7.8
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by mirrors_ZecOps
CVSS 10.0
CVE-2020-0796 PATCHAPALOOZA CRITICAL
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by mirrors_danigargu
CVSS 10.0
CVE-2017-11882 PATCHAPALOOZA HIGH
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
by mirrors_embedi
CVSS 7.8
CVE-2017-11882 PATCHAPALOOZA HIGH
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
by mirrors_unamer
CVSS 7.8
CVE-2017-8759 PATCHAPALOOZA HIGH
Microsoft .net Framework - Code Injection
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
by mirrors_Voulnet
CVSS 7.8
CVE-2019-0708 PATCHAPALOOZA CRITICAL
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by mirrors_k8gege
CVSS 9.8
CVE-2016-0051 PATCHAPALOOZA HIGH
Microsoft Windows 10 - Access Control
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by mirrors_koczkatamas
CVSS 7.8
CVE-2017-8759 PATCHAPALOOZA HIGH
Microsoft .net Framework - Code Injection
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
by mirrors_bhdresh
CVSS 7.8
CVE-2020-1472 PATCHAPALOOZA MEDIUM
Netlogon Weak Cryptographic Authentication
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
by mirrors_dirkjanm
CVSS 5.5
CVE-2020-0787 PATCHAPALOOZA HIGH
Microsoft Windows 10 1507 - Symlink Following
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
by mirrors_cbwang505
CVSS 7.8
By Source
All 312 Exploitdb 50,123 Writeup 46,583 Nomisec 21,106 Metasploit 3,189 Github 2,211 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,723 c 3,550 perl 2,854 html 2,053 php 1,332 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24