Lucene search
K

418 matches found

CVE
CVE
added 2016/04/12 11:0 p.m.477 views

CVE-2016-0128

Technical details about CVE-2016-0128 are not provided in the connected documents. The initial description mentions Badlock affecting Windows SAM/LSAD, but no explicit exploit vectors, affected products, or fixes are given here. Monitor for updates.

6.8CVSS6.4AI score0.20877EPSS
CVE
CVE
added 2012/03/13 9:0 p.m.351 views

CVE-2012-0002

CVE-2012-0002 is a Remote Desktop Protocol memory-processing vulnerability in affected Windows platforms (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1). The flaw permits remote code execution by sending specially crafted RDP packets tha...

9.3CVSS9.5AI score0.73924EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.350 views

CVE-2017-0055

CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...

6.1CVSS5.4AI score0.16369EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.268 views

CVE-2017-0214

CVE-2017-0213 is a Windows Privilege Escalation flaw in the COM Aggregate Marshaler. Reports confirm it enables local elevation of privilege when a specially crafted app is run, affecting Windows client and server SKUs listed in the CVE description. Several connected sources document exploitation...

7CVSS5.9AI score0.03457EPSS
In wild
CVE
CVE
added 2016/04/12 11:0 p.m.263 views

CVE-2016-0143

CVE-2016-0143 is a Windows Win32k Privilege Escalation vulnerability in the kernel-mode driver (win32k.sys) affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, 2012, RT 8.1, Windows 10 Gold/1511). Root cause: improper handling of objects in memory within the Wi...

7.8CVSS6.8AI score0.03596EPSS
In wild
CVE
CVE
added 2017/06/15 1:0 a.m.261 views

CVE-2017-8552

Technical details for CVE-2017-8552 are not publicly provided in the connected documents. No concrete product/version/impact details are present beyond the high-level description. Monitor for updates.

7.8CVSS7.6AI score0.01004EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.259 views

CVE-2016-3308

Technical details for CVE-2016-3308 are not publicly available in the provided documents; monitor for updates.

7.8CVSS7.5AI score0.06418EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.258 views

CVE-2017-0025

Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.

7.8CVSS6.2AI score0.01835EPSS
In wild
CVE
CVE
added 2017/11/15 3:0 a.m.258 views

CVE-2017-11835

CVE-2017-11835 affects the Microsoft Windows Embedded OpenType (EOT) font engine. The vulnerability exists in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, where specially crafted embedded fonts parsed by the EOT font engine can allow a local attacker who logs on and opens a document to read...

5.5CVSS4.7AI score0.02384EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.252 views

CVE-2017-0047

Technical details about CVE-2017-0047 are not provided in the connected documents. Public information in the Initial Description is limited to an overview; monitor for updates.

7.8CVSS6.2AI score0.01858EPSS
In wild
CVE
CVE
added 2017/07/11 9:0 p.m.244 views

CVE-2017-8563

CVE-2017-8563 is an elevation-of-privilege vulnerability in Windows where Kerberos can fall back to NTLM as the default authentication protocol. The issue is exposed via LDAP/NTLM negotiation and can enable domain‑level credential abuse if NTLM relay occurs. Public documentation notes that follow...

8.1CVSS7.1AI score0.07176EPSS
CVE
CVE
added 2012/03/13 9:0 p.m.230 views

CVE-2012-0152

CVE-2012-0152 is a denial-of-service vulnerability in the RDP/Terminal Server component of Windows: affected OSes include Windows 7 and Windows Server 2008 R2 (and SP1). It can be triggered by a sequence of crafted RDP packets, causing an application hang. The issue is addressed by MS12-020, whic...

4.3CVSS8.7AI score0.86147EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.230 views

CVE-2016-3311

CVE-2016-3311 is a Windows kernel-mode driver elevation of privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, Server 2012, Windows RT 8.1, and Windows 10 variants). The issue arises in Win32k kernel components where a crafted applicatio...

7.8CVSS7.5AI score0.01528EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.220 views

CVE-2016-3310

CVE-2016-3310 is a Win32k Elevation of Privilege vulnerability affecting multiple Windows versions. The issue arises in kernel‑mode drivers where improper handling of memory objects enables a local user to execute code with SYSTEM privileges via a crafted application. This is a local, non‑authent...

7.8CVSS7.5AI score0.02628EPSS
In wild
CVE
CVE
added 2013/08/14 10:0 a.m.216 views

CVE-2013-3175

CVE-2013-3175 is a Windows elevation-of-privilege issue in the handling of asynchronous RPC requests. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT. Root cause...

10CVSS7.5AI score0.27538EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.200 views

CVE-2017-8582

CVE-2017-8582 affects the HTTP.sys server component in multiple Windows editions. The vulnerability arises from the component’s improper handling of in-memory objects, enabling a remote, unauthenticated attacker to obtain information and potentially facilitate further compromise. The impact is an...

5.9CVSS5.7AI score0.08294EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.192 views

CVE-2017-0174

CVE-2017-0174 is a Windows NetBIOS Denial of Service vulnerability. Exploitation involves sending malformed NetBIOS packets to affected Windows versions (Windows 7/8.1/10, Windows Server 2008-2016 and related). The underlying cause is improper handling within the Windows NetBIOS/network stack, al...

6.5CVSS6.9AI score0.0258EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.191 views

CVE-2010-0270

The CVE-2010-0270 entry describes a remote code execution/memory corruption vulnerability in the SMB client of Windows 7 and Windows Server 2008 R2. The SMB client fails to properly validate fields in SMB responses (SMB transaction responses), for both SMBv1 and SMBv2, allowing remote SMB servers...

10CVSS7.7AI score0.48188EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.191 views

CVE-2017-0272

CVE-2017-0272 affects the Microsoft Windows SMBv1 server on Windows clients/servers (Windows 7/8.1, Windows Server 2008 SP2/R2 SP1, 2012, 2016, 10 versions etc.). Root cause: the SMBv1 server mishandles certain requests, enabling remote code execution by a remote attacker. Impact is high (remote ...

9.3CVSS7.7AI score0.17121EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.186 views

CVE-2016-0051

CVE-2016-0051 is a local privilege-escalation vulnerability in the Windows WebDAV client. The issue stems from the WebDAV client’s handling of crafted input, allowing a local attacker to gain SYSTEM-level privileges on affected Vista/7/8.1/2012/RT/10 variants with the WebDAV component (WebDAV cli...

7.8CVSS7.5AI score0.23383EPSS
CVE
CVE
added 2012/08/15 1:0 a.m.181 views

CVE-2012-1851

CVE-2012-1851 is a format string vulnerability in the Windows Print Spooler service that allows remote code execution. Affected: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. Root cause: Print Spooler mishandles crafted response...

10CVSS7.5AI score0.65637EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.173 views

CVE-2012-0159

CVE-2012-0159 is a kernel-level remote code execution vulnerability in Microsoft Windows related to TrueType font parsing. The root cause is a sign extension error in the kernel’s handling of TrueType compound glyphs within win32k.sys, which can be triggered by a crafted TTF file. Affected produc...

9.3CVSS7.4AI score0.26816EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.167 views

CVE-2010-0476

CVE-2010-0476 is a remote code-execution vulnerability in the Microsoft SMB client. The issue occurs when the SMB client implementation on Windows platforms (including Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 SP2) improperly parses or handles certain crafted SMB res...

10CVSS7.7AI score0.3433EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.166 views

CVE-2012-1527

CVE-2012-1527 corresponds to Windows Shell Briefcase Integer Underflow. The vulnerability arises from an integer underflow in the Briefcase feature of Windows Shell, enabling local privilege escalation for affected Windows editions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Wind...

9.3CVSS6.4AI score0.18163EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.164 views

CVE-2013-0013

The CVE-2013-0013 issue affects the Windows SSL/TLS stack: multiple Windows versions (Vista SP2, Server 2008 SP2/R2 and SP1, Windows 7, 8, Server 2012, Windows RT) have a flaw in the SSL provider that mishandles encrypted packets, enabling a man-in-the-middle to downgrade SSLv2 and intercept hand...

5.8CVSS6.3AI score0.06351EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.164 views

CVE-2013-3868

CVE-2013-3868 affects Microsoft Active Directory Lightweight Directory Service (AD LDS) and Active Directory Services across Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, and Server 2012. The vulnerability allows remote attackers to trigger a denial of service (LDAP...

5CVSS6.5AI score0.38293EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.156 views

CVE-2012-0217

CVE-2012-0217 affects the x86-64 kernel sysret path across multiple platforms (Xen 4.1.2 and earlier, XenServer 6.0.2 and earlier, Solaris 11 and earlier, illumos before r13724, FreeBSD before 9.0-RELEASE-p3, NetBSD 6.0 Beta and earlier, Windows Server 2008 R2/R2 SP1/Windows 7 SP1, and others). T...

7.2CVSS6.3AI score0.37212EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.156 views

CVE-2017-0170

CVE-2017-0170 is an information-disclosure flaw in Windows Performance Monitor Console where XML input is parsed unsafely, allowing an XML external entity (XXE) to read arbitrary files. Affected are Windows versions listed in the CVE description (Windows 7/8.1/10, Windows Server variants, and Win...

6.5CVSS6.1AI score0.06666EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.155 views

CVE-2017-0277

CVE-2017-0277 describes a remote code execution vulnerability in the Microsoft Windows SMBv1 server. The SMBv1 service on affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Windows 10 1511/1607/1703, Windows Server 2...

7CVSS7.7AI score0.1085EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.152 views

CVE-2016-7212

CVE-2016-7212 affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, 10 up to 1607, and Server 2016) where a crafted image file can lead to remote code execution. Root cause: improper handling in the Windows image load feature. Impact is remote cod...

9.3CVSS8AI score0.69829EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.150 views

CVE-2012-0175

CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...

9.3CVSS7.8AI score0.2621EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.150 views

CVE-2017-0158

CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...

7.6CVSS7.5AI score0.12558EPSS
CVE
CVE
added 2013/08/14 10:0 a.m.149 views

CVE-2013-3183

Microsoft Windows ICMPv6 Packet Denial of Service (CVE-2013-3183) affects multiple Windows platforms (Vista SP2, 2008 SP2/R2 SP1, 7 SP1, 8, 2012, RT) where the TCP/IP stack improperly allocates memory for inbound ICMPv6 packets, causing remote denial of service (system hang) via crafted packets. ...

7.8CVSS6.5AI score0.80473EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.149 views

CVE-2017-11780

CVE-2017-11780 is a remote code execution vulnerability in the Microsoft Windows Server Message Block 1.0 (SMBv1) server. The issue occurs when SMBv1 fails to handle certain requests, allowing an unauthenticated attacker to execute code on the target server over the network. Affected products inc...

7CVSS8.4AI score0.09961EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.147 views

CVE-2012-4774

CVE-2012-4774 is a Windows File Handling Component vulnerability. A crafted file or subfolder name can trigger use of unallocated memory as the destination of a copy operation, enabling remote code execution on affected Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windo...

9.3CVSS7.5AI score0.20766EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.146 views

CVE-2017-0161

CVE-2017-0161 is a Windows NetBT Session Services vulnerability described as a race condition when NetBT fails to maintain certain sequencing requirements, enabling a remote code execution in affected Windows releases. The CVE is present in Windows 7/8.1/10 and server SKUs listed in the initial d...

8.1CVSS7.7AI score0.11229EPSS
CVE
CVE
added 2017/02/20 4:0 p.m.144 views

CVE-2017-0038

The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...

5.5CVSS4.7AI score0.821EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.144 views

CVE-2017-8565

CVE-2017-8565 is a Windows PowerShell remote code execution vulnerability triggered when PSObject wraps a CIM Instance. Connected sources describe in detail that deserialization via PSObject, LosFormatter, ObjectStateFormatter (and related gadget chains) can enable remote code execution in PowerS...

9.3CVSS7.3AI score0.17522EPSS
CVE
CVE
added 2012/02/14 10:0 p.m.141 views

CVE-2012-0150

CVE-2012-0150 describes a buffer overflow in the C runtime library (msvcrt.dll) used by multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7/7 SP1). The vulnerability arises when parsing a crafted media file, copying a version string into a fixed-length stack buffer, allowing remot...

9.3CVSS7.8AI score0.24272EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.139 views

CVE-2010-2550

CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...

10CVSS9.3AI score0.7572EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.139 views

CVE-2010-3956

CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....

9.3CVSS6.3AI score0.08274EPSS
CVE
CVE
added 2011/12/30 7:0 p.m.139 views

CVE-2011-5046

CVE-2011-5046 affects the Windows kernel component win32k.sys (GDI) across multiple OS versions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue arises from improper validation of user-mode input in GDI, enabling remote attackers to execute arbitrary code ...

9.3CVSS7.7AI score0.45457EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.138 views

CVE-2016-0026

Technical details about CVE-2016-0026 are not publicly provided in the supplied documents; no specific affected products or fixes are described. Monitor for updates.

9.3CVSS7.5AI score0.06767EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.137 views

CVE-2012-1528

CVE-2012-1528 is a Windows Shell vulnerability originating from an integer overflow in the Briefcase feature. The flaw affects multiple Windows client/server platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP, Windows 7 SP1, Windows 8, Server 2012) and can let local users gain p...

9.3CVSS6.6AI score0.18163EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.137 views

CVE-2012-2551

CVE-2012-2551 is a Kerberos denial-of-service vulnerability affecting Microsoft Windows 7 (including SP1) and Windows Server 2008 R2 (including R2 SP1). The issue is described as a remote denial of service via a crafted Kerberos session request that triggers a NULL pointer dereference, potentiall...

5CVSS6.4AI score0.27476EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.135 views

CVE-2016-3304

CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.134 views

CVE-2017-0269

CVE-2017-0269 is a Windows SMBv1 denial-of-service vulnerability: the SMBv1 server may stop responding when it receives specially crafted requests. The issue is tied to handling of SMBv1 traffic (no explicit exploit details in the provided docs). Affected context is Windows SMBv1 processing; pote...

5.9CVSS6.2AI score0.06465EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.131 views

CVE-2017-0114

CVE-2017-0114 is a Windows Uniscribe (usp10.dll) information-disclosure vulnerability affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. The issue arises in Uniscribe when processing Unicode text via DrawText paths triggered by user32/lpk, allowing a remote attacker t...

4.3CVSS4.5AI score0.22471EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.131 views

CVE-2018-0825

CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...

7.6CVSS7.3AI score0.16778EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.130 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
Total number of security vulnerabilities418