Windows Security Vulnerabilities and Issues — Windows CVE List

Lucene search

MicrosoftWindows

80 matches found

CVE•added 2011/09/06 7:55 p.m.•608 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP...

4.3CVSS6.5AI score0.05563EPSS

CVE•added 2000/02/04 5:0 a.m.•447 views

CVE-1999-0524

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

2.1CVSS6.5AI score0.00702EPSS

CVE•added 2018/06/26 2:29 p.m.•395 views

CVE-2018-0598

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

9.3CVSS7.6AI score0.02514EPSS

CVE•added 2021/08/12 6:15 p.m.•200 views

CVE-2021-36958

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or de...

9.3CVSS8.5AI score0.04045EPSS

CVE•added 2011/01/25 1:0 a.m.•179 views

CVE-2011-0638

Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that ...

6.9CVSS7.3AI score0.01284EPSS

CVE•added 2008/09/11 1:1 a.m.•114 views

CVE-2007-5348

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 20...

9.3CVSS8AI score0.76417EPSS

CVE•added 2008/11/12 11:30 p.m.•107 views

CVE-2008-4037

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Ref...

9.3CVSS7.2AI score0.7553EPSS

CVE•added 2015/05/13 10:59 a.m.•99 views

CVE-2015-3052

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE...

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•96 views

CVE-2014-9160

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors.

10CVSS7.5AI score0.45307EPSS

CVE•added 2007/04/18 6:19 p.m.•87 views

CVE-2007-2108

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI Accept...

6.8CVSS6.4AI score0.32856EPSS

CVE•added 2015/10/21 9:59 p.m.•86 views

CVE-2015-4796

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4888.

9CVSS8AI score0.1269EPSS

CVE•added 2015/10/21 6:59 p.m.•76 views

CVE-2015-4716

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.

10CVSS7.5AI score0.2332EPSS

CVE•added 2015/05/13 11:0 a.m.•75 views

CVE-2015-3072

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2022/03/10 11:15 p.m.•74 views

CVE-2022-0280

A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service...

7.5CVSS6.7AI score0.00148EPSS

CVE•added 2015/05/13 10:59 a.m.•72 views

CVE-2015-3048

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unknown vectors.

10CVSS7.7AI score0.11897EPSS

CVE•added 2015/05/13 11:0 a.m.•72 views

CVE-2015-3073

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•71 views

CVE-2015-3066

10CVSS6.4AI score0.31105EPSS

CVE•added 2009/11/05 4:30 p.m.•69 views

CVE-2009-3864

The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabiliti...

7.5CVSS6.3AI score0.08556EPSS

CVE•added 2015/05/13 10:59 a.m.•68 views

CVE-2015-3055

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075.

7.5CVSS7.4AI score0.06245EPSS

CVE•added 2015/05/13 11:0 a.m.•68 views

CVE-2015-3074

10CVSS6.4AI score0.31105EPSS

CVE•added 2008/09/11 1:11 a.m.•66 views

CVE-2008-3012

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, S...

9.3CVSS7.7AI score0.70686EPSS

CVE•added 2015/05/13 10:59 a.m.•66 views

CVE-2015-3047

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5CVSS6.3AI score0.03993EPSS

CVE•added 2015/05/13 10:59 a.m.•66 views

CVE-2015-3051

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•64 views

CVE-2015-3050

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•64 views

CVE-2015-3062

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•64 views

CVE-2015-3070

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•63 views

CVE-2015-3061

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 10:59 a.m.•63 views

CVE-2015-3064

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•63 views

CVE-2015-3071

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 10:59 a.m.•62 views

CVE-2015-3053

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075.

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3068

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3069

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3075

10CVSS7.4AI score0.06245EPSS

CVE•added 2014/12/10 9:59 p.m.•61 views

CVE-2014-8446

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE...

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•61 views

CVE-2014-9158

10CVSS7.6AI score0.27545EPSS

CVE•added 2015/05/13 10:59 a.m.•61 views

CVE-2015-3058

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors.

5CVSS5.9AI score0.05648EPSS

CVE•added 2015/05/13 10:59 a.m.•60 views

CVE-2015-3046

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 11:0 a.m.•60 views

CVE-2015-3065

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•60 views

CVE-2015-3067

10CVSS6.4AI score0.31105EPSS

CVE•added 2018/06/26 2:29 p.m.•60 views

CVE-2018-0599

Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

9.3CVSS7.7AI score0.0158EPSS

CVE•added 2024/12/18 11:15 p.m.•60 views

CVE-2022-40733

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot....

5CVSS5.2AI score0.00147EPSS

CVE•added 2010/08/27 7:0 p.m.•59 views

CVE-2010-3139

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

9.3CVSS7.6AI score0.17052EPSS

CVE•added 2014/12/10 9:59 p.m.•59 views

CVE-2014-8445

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE...

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•59 views

CVE-2014-8448

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.

5CVSS5.8AI score0.24239EPSS

CVE•added 2015/05/13 10:59 a.m.•59 views

CVE-2015-3049

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•59 views

CVE-2015-3056

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•59 views

CVE-2015-3063

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•59 views

CVE-2015-3076

10CVSS7.6AI score0.10445EPSS

CVE•added 2014/12/10 9:59 p.m.•58 views

CVE-2014-8451

5CVSS5.8AI score0.24239EPSS

CVE•added 2024/05/28 5:15 p.m.•58 views

CVE-2024-30164

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vul...

6.7CVSS7.8AI score0.00128EPSS

Total number of security vulnerabilities80