This is a list of recent vulnerabilities for which exploits are available.
CVE, Title, Vendor
Description
CVSS v3.1 Base Score
Date Created
Date Updated
CVE-2020-1350
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Microsoft
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
Microsoft Netlogon Elevation of Privilege Vulnerability
Microsoft
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft Exchange Validation Key Remote Code Execution Vulnerability
Microsoft
A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.