Lucene search

K
MicrosoftWindows 7

2372 matches found

cve
cve
added 2019/10/10 2:15 p.m.1101 views

CVE-2019-1315

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

7.8CVSS8.5AI score0.06219EPSS
In wild
cve
cve
added 2022/04/15 7:15 p.m.1100 views

CVE-2022-26904

Windows User Profile Service Elevation of Privilege Vulnerability

7CVSS8.2AI score0.30445EPSS
In wild
cve
cve
added 2017/03/17 12:59 a.m.1099 views

CVE-2017-0001

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI ...

7.8CVSS6.2AI score0.14476EPSS
In wild
cve
cve
added 2019/05/16 7:29 p.m.1098 views

CVE-2019-0863

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

7.8CVSS7.7AI score0.14148EPSS
In wild
cve
cve
added 2019/09/11 10:15 p.m.1096 views

CVE-2019-1215

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.

7.8CVSS8.1AI score0.23634EPSS
In wild
cve
cve
added 2019/09/11 10:15 p.m.1095 views

CVE-2019-1214

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

7.8CVSS8AI score0.11567EPSS
In wild
cve
cve
added 2019/04/09 12:29 a.m.1089 views

CVE-2019-0703

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.

6.5CVSS6.8AI score0.14208EPSS
In wild
cve
cve
added 2012/04/10 9:55 p.m.1087 views

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE...

9.3CVSS5.8AI score0.88546EPSS
In wild
cve
cve
added 2018/09/13 12:29 a.m.1084 views

CVE-2018-8440

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8....

7.8CVSS7.5AI score0.77725EPSS
In wild
cve
cve
added 2022/07/12 11:15 p.m.1083 views

CVE-2022-22047

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

7.8CVSS8.3AI score0.00707EPSS
In wild
cve
cve
added 2019/01/08 9:29 p.m.1077 views

CVE-2019-0543

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Window...

7.8CVSS7.7AI score0.03524EPSS
In wild
cve
cve
added 2020/04/15 3:15 p.m.1071 views

CVE-2020-0938

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could e...

7.8CVSS8.2AI score0.8787EPSS
In wild
cve
cve
added 2017/03/17 12:59 a.m.1065 views

CVE-2017-0005

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI ...

7.8CVSS6.2AI score0.14476EPSS
In wild
cve
cve
added 2020/04/15 3:15 p.m.1064 views

CVE-2020-1027

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.

7.8CVSS8AI score0.13961EPSS
In wild
cve
cve
added 2022/08/09 8:15 p.m.1060 views

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

7.8CVSS8.9AI score0.07962EPSS
In wild
cve
cve
added 2019/05/16 7:29 p.m.1048 views

CVE-2019-0903

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

9.3CVSS8AI score0.50648EPSS
In wild
cve
cve
added 2016/02/10 11:59 a.m.1035 views

CVE-2016-0040

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

7.8CVSS7.3AI score0.77872EPSS
In wild
cve
cve
added 2010/12/06 1:44 p.m.1034 views

CVE-2010-4398

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (...

7.8CVSS6.8AI score0.12169EPSS
In wild
cve
cve
added 2014/10/22 2:55 p.m.1034 views

CVE-2014-6352

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted Pow...

9.3CVSS7.6AI score0.90891EPSS
In wild
cve
cve
added 2017/03/17 12:59 a.m.1031 views

CVE-2017-0101

The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted app...

7.8CVSS6.2AI score0.6193EPSS
In wild
cve
cve
added 2016/05/11 1:59 a.m.1025 views

CVE-2016-0185

Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."

9.3CVSS7.9AI score0.82752EPSS
In wildWeb
cve
cve
added 2013/05/24 8:55 p.m.1024 views

CVE-2013-3660

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next ob...

7.8CVSS6.5AI score0.74231EPSS
In wild
cve
cve
added 2016/11/10 7:0 a.m.1023 views

CVE-2016-7256

atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a cra...

9.3CVSS8.8AI score0.59042EPSS
In wild
cve
cve
added 2010/01/21 7:30 p.m.1015 views

CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly va...

7.8CVSS6.2AI score0.77111EPSS
In wild
cve
cve
added 2019/04/09 3:29 a.m.1000 views

CVE-2019-0808

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.

7.8CVSS8.2AI score0.52291EPSS
In wild
cve
cve
added 2015/04/21 10:59 a.m.983 views

CVE-2015-1701

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

7.8CVSS7.3AI score0.90916EPSS
In wild
cve
cve
added 2018/12/12 12:29 a.m.977 views

CVE-2018-8611

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012...

7.8CVSS8.4AI score0.06406EPSS
In wild
cve
cve
added 2014/10/15 10:55 a.m.974 views

CVE-2014-4113

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as ...

7.8CVSS8AI score0.82789EPSS
In wild
cve
cve
added 2014/10/15 10:55 a.m.946 views

CVE-2014-4114

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sand...

9.3CVSS9.5AI score0.92026EPSS
In wild
cve
cve
added 2014/11/18 11:59 p.m.937 views

CVE-2014-6324

The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a...

9CVSS5.9AI score0.85883EPSS
In wild
cve
cve
added 2018/11/14 1:29 a.m.919 views

CVE-2018-8589

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

7.8CVSS8AI score0.04106EPSS
In wild
cve
cve
added 2014/10/15 10:55 a.m.914 views

CVE-2014-4148

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted True...

9.3CVSS7.9AI score0.34773EPSS
In wild
cve
cve
added 2015/08/15 12:59 a.m.911 views

CVE-2015-1769

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting ...

7.2CVSS7.3AI score0.12652EPSS
In wild
cve
cve
added 2015/07/14 10:59 p.m.905 views

CVE-2015-2387

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted applic...

7.8CVSS6.2AI score0.24298EPSS
In wild
cve
cve
added 2015/01/13 10:59 p.m.904 views

CVE-2015-0016

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted path...

9.3CVSS6.8AI score0.91334EPSS
In wild
cve
cve
added 2016/10/14 2:59 a.m.898 views

CVE-2016-3393

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, ...

9.3CVSS7.8AI score0.29859EPSS
In wild
cve
cve
added 2015/07/20 6:59 p.m.897 views

CVE-2015-2426

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a cra...

9.3CVSS7.4AI score0.91612EPSS
In wild
cve
cve
added 2022/09/13 7:15 p.m.886 views

CVE-2022-37969

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS8.9AI score0.04835EPSS
In wild
cve
cve
added 2016/10/14 2:59 a.m.878 views

CVE-2016-3298

Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerabilit...

6.5CVSS5.4AI score0.27734EPSS
In wild
cve
cve
added 2015/06/10 1:59 a.m.872 views

CVE-2015-2360

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial o...

8.8CVSS6.5AI score0.05865EPSS
In wild
cve
cve
added 2014/11/11 10:55 p.m.859 views

CVE-2014-4077

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanes...

9.3CVSS8.4AI score0.2956EPSS
In wild
cve
cve
added 2022/11/09 10:15 p.m.854 views

CVE-2022-41128

Windows Scripting Languages Remote Code Execution Vulnerability

8.8CVSS8.3AI score0.67153EPSS
In wild
cve
cve
added 2022/10/11 7:15 p.m.833 views

CVE-2022-41033

Windows COM+ Event System Service Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00234EPSS
In wild
cve
cve
added 2019/11/12 7:15 p.m.826 views

CVE-2019-1388

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

7.8CVSS8.5AI score0.03445EPSS
In wild
cve
cve
added 2022/11/09 10:15 p.m.781 views

CVE-2022-41073

Windows Print Spooler Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.00699EPSS
In wild
cve
cve
added 2011/12/30 1:55 a.m.778 views

CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

8.5CVSS6AI score0.83531EPSS
Web
cve
cve
added 2018/05/22 12:29 p.m.763 views

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...

5.5CVSS5.9AI score0.46737EPSS
In wildWeb
cve
cve
added 2018/09/06 9:29 p.m.669 views

CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation hav...

7.8CVSS7.7AI score0.05017EPSS
In wild
cve
cve
added 2022/04/15 7:15 p.m.630 views

CVE-2022-26809

Remote Procedure Call Runtime Remote Code Execution Vulnerability

10CVSS9.6AI score0.92281EPSS
cve
cve
added 2019/09/03 6:15 p.m.606 views

CVE-2019-1125

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an a...

5.6CVSS6.8AI score0.13431EPSS
Total number of security vulnerabilities2372