Lucene search
+L

418 matches found

CVE
CVE
added 2016/08/09 9:0 p.m.133 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.133 views

CVE-2016-7237

CVE-2016-7237 affects Local Security Authority Subsystem Service (LSASS) in Windows between Vista SP2 and Windows Server 2016. The vulnerability allows remote authenticated users to cause a denial of service (system hang) by sending a crafted request, via the LSASS handling path (notably connecte...

6.8CVSS6.2AI score0.65059EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.133 views

CVE-2018-8136

CVE-2018-8136 is described as a remote code execution vulnerability in how Windows handles objects in memory, affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers. The con...

9.3CVSS8.4AI score0.23243EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.132 views

CVE-2017-0114

CVE-2017-0114 is a Windows Uniscribe (usp10.dll) information-disclosure vulnerability affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. The issue arises in Uniscribe when processing Unicode text via DrawText paths triggered by user32/lpk, allowing a remote attacker t...

4.3CVSS4.5AI score0.22471EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.131 views

CVE-2017-0062

CVE-2017-0062 affects the Graphics Device Interface (GDI) in multiple Windows versions (Vista SP2 through Windows 10/1607). It enables local attackers to disclose sensitive process-memory information via a crafted web site; impact is information disclosure. Connected CIRCL entries indicate the vu...

4.7CVSS4.3AI score0.17832EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.131 views

CVE-2018-0846

The connected documents confirm CVE-2018-0846 affects the Windows Common Log File System (CLFS) driver and describes an elevation-of-privilege flaw caused by improper handling of objects in memory. Affected products include various Windows client/server builds (Windows 7 SP1, Windows 8.1/RT 8.1, ...

7.8CVSS6.8AI score0.01239EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.130 views

CVE-2016-0042

CVE-2016-0042 corresponds to a Windows DLL loading Remote Code Execution vulnerability. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10 (including 1511). The flaw arises from mishandling D...

7.8CVSS7.8AI score0.05651EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.130 views

CVE-2017-8528

CVE-2017-8528 concerns a remote code execution vulnerability in Microsoft Windows Uniscribe (usp10.dll) where объектs in memory are mishandled. Affected platforms span Windows 7/8.1/10 and several Server SKUs with Office 2007/2010. Exploitation is possible via crafted documents or web content, pe...

9.3CVSS5.9AI score0.19889EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.129 views

CVE-2017-0279

CVE-2017-0279 corresponds to a remote code execution vulnerability in the Microsoft Windows SMB v1 server. The available connected and initial documents indicate: affected component is the SMBv1 server (Server Message Block 1.0) on multiple Windows platforms (e.g., Windows 7, Windows 8.1, Windows...

7CVSS7.7AI score0.1085EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.129 views

CVE-2017-11771

CVE-2017-11771 is a remote code execution vulnerability in the Microsoft Windows Search component. The issue arises from improper handling of DNS responses by the Windows Search service, allowing an unauthenticated, remote attacker to execute code on affected systems. The CVE is referenced alongs...

10CVSS9.6AI score0.64132EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.129 views

CVE-2018-0757

Technical details about CVE-2018-0757 are not publicly available in the provided documents. Connected sources discuss malware and general Windows kernel disclosures but do not specify affected products, versions, or fixes. Monitor for official updates.

4.7CVSS5AI score0.01615EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.128 views

CVE-2018-0820

CVE-2018-0820 affects the Windows kernel on Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2/R2 SP1, 2012/2012 R2, Windows 10 (various builds) and Windows Server (various). The vulnerability arises from how objects are handled in memory, enabling local privilege escalation from a low-pr...

7.8CVSS5.4AI score0.01266EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.127 views

CVE-2017-0087

CVE-2017-0087 is a remote code execution vulnerability in Windows Uniscribe (USP10) affecting Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1. Connected data show exploits targeting USP10!MergeLigRecords, with heap memory corruption in Uniscribe’s font processing triggere...

9.3CVSS7.4AI score0.42546EPSS
CVE
CVE
added 2009/11/13 3:0 p.m.126 views

CVE-2009-3676

The CVE-2009-3676 entry concerns a Denial of Service in the kernel SMB client of Windows 7 and Windows Server 2008 R2 caused by incomplete SMB responses (SMBv1 and SMBv2). A remote attacker or a man‑in‑the‑middle could trigger an infinite loop by sending a crafted SMB response, potentially freezi...

7.1CVSS6.1AI score0.34336EPSS
CVE
CVE
added 2016/05/11 1:0 a.m.126 views

CVE-2016-0174

CVE-2016-0174 describes a local privilege escalation in Windows kernel-mode drivers (Win32k) affecting multiple Windows family versions (Vista SP2, Server 2008 SP2/R2, 7 SP1, 8.1, Server 2012, RT 8.1, and Windows 10 1511/Gold). The vulnerability allows a locally authenticated attacker to gain hig...

7.8CVSS7.5AI score0.02485EPSS
CVE
CVE
added 2016/05/11 1:0 a.m.126 views

CVE-2016-0176

CVE-2016-0176 is a Windows privilege-escalation flaw in the DirectX Graphics Kernel Subsystem (dxgkrnl.sys). It affects multiple Windows versions (7 SP1, Server 2008 R2 SP1, 8.1, Server 2012 R2/Gold, RT 8.1, 10 variants). Root cause: improper handling of memory objects in the DirectX kernel subsy...

7.8CVSS7.3AI score0.02031EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.126 views

CVE-2017-0014

Public technical details for CVE-2017-0014 are not present in the provided connected documents. The records describe affected products and cross-reference other CVEs, but no concrete exploit vectors, impact specifics, or remediation are disclosed here. Monitor for updates.

7.6CVSS6.2AI score0.17594EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.126 views

CVE-2017-0099

CVE-2017-0099 pertains to Hyper-V in Microsoft Windows (lists affected: Windows Vista SP2, Server 2008 SP2/2008 R2, Windows 7 SP1, Windows 8.1, Server 2012 Gold/R2, Windows 10 Gold, 1511, 1607, Server 2016). The issue allows guest OS users, running as VMs, to cause a denial-of-service via a craft...

5.4CVSS5.2AI score0.01423EPSS
CVE
CVE
added 2016/05/11 1:0 a.m.125 views

CVE-2016-0169

CVE-2016-0169 is a Windows Graphics Component Information Disclosure vulnerability in GDI across Windows Vista through Windows 10 (various editions). The issue arises from improper disclosure of memory contents via a crafted document, enabling remote information leakage. Public evidence includes ...

6.5CVSS5.9AI score0.43248EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.125 views

CVE-2017-8696

CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...

7.6CVSS7AI score0.14264EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.124 views

CVE-2016-3225

The CVE-2016-3225 issue affects the SMB server component in multiple Windows releases (e.g., Vista/Server 2008/7/8.1/2012/RT 8.1/10). The root cause is credential-forwarding by the Windows SMB server to an unintended service, enabling a local attacker to gain elevated privileges via a crafted app...

7.8CVSS7.6AI score0.43493EPSS
Web
CVE
CVE
added 2016/06/16 1:0 a.m.124 views

CVE-2016-3236

CVE-2016-3236 affects the WPAD proxy discovery implementation in multiple Windows editions (Vista through Windows 10). The weakness arises when WPAD proxy discovery is mishandled, which could allow a remote attacker to redirect network traffic via unspecified vectors, effectively an elevation of ...

10CVSS9.1AI score0.77658EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.124 views

CVE-2017-0077

CVE-2017-0077 is a Windows kernel vulnerability described as the Win32k Information Disclosure Vulnerability. It affects multiple Windows versions (Windows 7 SP1, Windows 8.1, Windows 10 releases up to 1703 and Windows Server 2016, among others) and is exploitable by a local, authenticated attack...

7.8CVSS7.4AI score0.01537EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.124 views

CVE-2018-8127

CVE-2018-8127 is a Windows kernel information-disclosure vulnerability affecting multiple Windows versions (e.g., Windows 7, 8.1, 10, and server editions). Root cause: the kernel improperly handles objects in memory, enabling information leakage. The connected records do not provide concrete expl...

5.5CVSS5.3AI score0.03012EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.122 views

CVE-2012-0173

Technical details for CVE-2012-0173 are not provided in the connected documents. The materials reference CVE-2012-0002 and MS12-020 but do not disclose specifics for CVE-2012-0173. Monitor for updates.

9.3CVSS9.4AI score0.20933EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.122 views

CVE-2015-6130

CVE-2015-6130 is a Windows Uniscribe (USP10.DLL) vulnerability affecting Windows 7 SP1 and Windows Server 2008 R2 SP1. A specially crafted True Type Font (TTF) embedded in documents or web content can trigger an integer underflow in Uniscribe, allowing remote code execution. Microsoft issued MS15...

9.3CVSS7.5AI score0.20725EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.122 views

CVE-2017-0275

CVE-2017-0275 is an SMBv1 information-disclosure vulnerability in Microsoft Windows SMB server handling of certain requests. The initial description lists affected products as Windows platforms including Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and ...

5.9CVSS6.1AI score0.07611EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.122 views

CVE-2018-1008

CVE-2018-1008 describes a local elevation-of-privilege vulnerability in Windows Adobe Type Manager Font Driver (ATMFD.dll). The flaw stems from improper handling of objects in memory, enabling an attacker to execute arbitrary code with kernel or SYSTEM privileges on vulnerable Windows editions (W...

7CVSS6.7AI score0.01152EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.121 views

CVE-2013-3174

CVE-2013-3174 corresponds to a remote code execution in Microsoft DirectShow via specially crafted GIF files. Affected: DirectShow in Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012. Root cause: faulty GIF image parsing leads to arbitr...

9.3CVSS7.4AI score0.31979EPSS
CVE
CVE
added 2014/07/08 10:0 p.m.121 views

CVE-2014-1767

CVE-2014-1767 is a local privilege-escalation vulnerability in the Windows Ancillary Function Driver (afd.sys) leveraged via a dangling/double-free condition in kernel-mode code (AFD). Public materials indicate Microsoft MS14-040 addressed this flaw, affecting multiple Windows versions from Windo...

7.2CVSS6.3AI score0.12694EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.121 views

CVE-2016-7272

CVE-2016-7272 affects the Windows Graphics component across multiple Windows versions (Vista SP2, Server 2008 SP2/R2, 7, 8.1, 2012/R2, RT 8.1, 10 Gold/1511/1607, Server 2016). The vulnerability enables remote code execution via a crafted web site, with network attack vector and no privileges requ...

9.3CVSS8.8AI score0.39261EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.120 views

CVE-2012-0181

CVE-2012-0181 affects Win32k.sys in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, and Windows 8 CP). The vulnerability is a memory-corruption/logic issue in the kernel-mode ReadLayoutFile path that handles keyboard layout files, allowing loc...

7.2CVSS6.2AI score0.03401EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.120 views

CVE-2016-0070

Technical details of CVE-2016-0070 are not publicly provided in the Connected Documents. Monitor for updates.

5.5CVSS5.3AI score0.11493EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.120 views

CVE-2017-0045

CVE-2017-0045 is a Windows DVD Maker XML External Entity (XXE) information-disclosure vulnerability affecting Windows 7 SP1, Windows Server 2008 SP2/R2 SP1, and Windows Vista SP2. The vulnerability arises when parsing crafted .msdvd files, enabling an attacker to access local files information on...

5.5CVSS5.1AI score0.06581EPSS
Web
CVE
CVE
added 2016/09/14 10:0 a.m.119 views

CVE-2016-3345

CVE-2016-3345 is the Windows SMBv1 Server Remote Code Execution vulnerability. The SMBv1 server on affected Windows editions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8.1, Server 2012 R2/2012, Windows RT 8.1, Windows 10 1511/1607) could allow an authenticated attacker to execute arbi...

9CVSS8.9AI score0.32458EPSS
CVE
CVE
added 2016/09/14 10:0 a.m.119 views

CVE-2016-3371

CVE-2016-3371 is a Windows kernel elevation of privilege vulnerability affecting a broad set of Windows versions (Vista SP2/2008 SP2 R2, Windows 7 SP1, 8.1, Server 2012/RT, Windows 10 1511/1607). The issue stems from improper enforcement of permissions by the Windows Kernel API, allowing local at...

5.5CVSS5.6AI score0.4007EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.119 views

CVE-2017-0050

Technical details about CVE-2017-0050 are not publicly provided in the connected documents. The sources reference the vulnerability generally; monitor for updates on affected products, root cause, and fixes.

7.8CVSS5.7AI score0.01468EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.118 views

CVE-2012-0180

CVE-2012-0180 affects win32k.sys in multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8 CP). The issue is improper handling of user-mode input in kernel-mode for windows and messages, enabling local privilege escalation via a crafted app...

7.8CVSS6.2AI score0.01263EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.118 views

CVE-2017-8577

Technical details for CVE-2017-8577 are not provided in the supplied documents; no explicit affected product/version, root cause, impact, or fix is disclosed here. Monitor for updates.

7CVSS6.9AI score0.01012EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.117 views

CVE-2016-7205

CVE-2016-7205 is a Windows memory corruption vulnerability in the Animation Manager that can be triggered by visiting a crafted web site, enabling remote code execution. Affected products include Windows 7 SP1, Windows 8.1, Windows 10 (various builds), Windows Server 2008 R2 SP1, Windows Server 2...

9.3CVSS8.6AI score0.21545EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.117 views

CVE-2017-0175

CVE-2017-0175 is a Windows kernel local information disclosure vulnerability reported for Windows 7 SP1 and Windows Server 2008 SP2/R2 SP1. The initial entry describes an information leak via a specially crafted document, with authentication required marked as none in CVSS. Connected sources refe...

4.7CVSS4.2AI score0.07048EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.117 views

CVE-2017-0280

CVE-2017-0280 is a remote-denial-of-service vulnerability in the Microsoft Windows SMB Server (SMBv1). The issue occurs when the SMBv1 server processes crafted SMB requests, allowing an unauthenticated attacker to trigger a DoS condition on the target system. Documents reference the vulnerability...

7.1CVSS6.2AI score0.07169EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.117 views

CVE-2017-11847

CVE-2017-11847 affects the Windows kernel across multiple Windows client/server versions (Windows 7 SP1; Windows 8.1/RT; Windows 10 1511–1709; Windows Server 2008/2012/2016, etc.). The root cause is improper handling of objects in memory, enabling a local attacker to escalate privileges and run a...

9.3CVSS7.6AI score0.06462EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.117 views

CVE-2018-0844

The CVE-2018-0844 entry describes an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS) driver, affecting multiple Windows versions (Windows 7 SP1, Windows 8.1/RT 8.1, Server 2008 SP2/R2 SP1, 2012/R2, 2016, and 1709). The root cause is how objects in memory are hand...

7.8CVSS6.8AI score0.01239EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.116 views

CVE-2016-3303

CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...

9.3CVSS7.8AI score0.50506EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.116 views

CVE-2016-7274

CVE-2016-7274 concerns the Windows Uniscribe component (usp10.dll). The issue stems from an integer/heap-related vulnerability in the LoadUvsTable() function that could enable remote code execution when processing untrusted font data via a crafted web site. Public analyses (e.g., Google Project Z...

9.3CVSS8.8AI score0.42488EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.116 views

CVE-2017-0260

Technical details for CVE-2017-0260 are not provided in the connected documents. The initial entry notes an Office Remote Code Execution vulnerability, but there are no concrete product/version/impact/fix details here. Monitor official advisories for updates.

9.3CVSS6.8AI score0.19942EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.116 views

CVE-2017-0276

Technical details for CVE-2017-0276 are not publicly available in the provided documents. Monitor for updates; current sources in the set do not describe affected products/versions, root cause, or remediation specific to this CVE.

5.9CVSS6.1AI score0.07243EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.116 views

CVE-2017-8533

CVE-2017-8533 is an information‑disclosure vulnerability in Windows graphics handling, specifically the Uniscribe/GDI path, where memory contents can be exposed. The issue affects multiple Windows editions listed in the CVE entry (e.g., Windows 7 SP1, 8.1, various Windows 10 versions, Windows Ser...

6.5CVSS5.1AI score0.07802EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.116 views

CVE-2018-8134

CVE-2018-8134 is an elevation of privilege vulnerability in the Windows Kernel API that affects Windows 8.1, Windows 10 (including Windows Server variants) and related OSes. The faulty enforcement of permissions is the root cause. The connected CIRCL entry indicates a public exploit is available ...

7CVSS7.5AI score0.03046EPSS
Total number of security vulnerabilities418