Lucene search
K

376 matches found

CVE
CVE
added 2016/04/12 11:0 p.m.515 views

CVE-2016-0165

CVE-2016-0165 is a Windows kernel-mode privilege-escalation issue affecting the Win32k subsystem (win32k.sys). The vulnerability allows a local attacker to gain higher privileges by exploiting how memory/objects are handled in the kernel, as described in CNVD-2016-02281. Affected products include...

7.8CVSS6.8AI score0.13841EPSS
In wild
CVE
CVE
added 2016/04/12 11:0 p.m.477 views

CVE-2016-0128

Technical details about CVE-2016-0128 are not provided in the connected documents. The initial description mentions Badlock affecting Windows SAM/LSAD, but no explicit exploit vectors, affected products, or fixes are given here. Monitor for updates.

6.8CVSS6.4AI score0.20877EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.376 views

CVE-2022-24503

CVE-2022-24503 is a Remote Desktop Protocol Client Information Disclosure vulnerability. Connected sources indicate it affects Windows Remote Desktop Client and can be triggered over the network with no authentication and no user interaction, exposing partial confidentiality (C:L). The issue is t...

5.4CVSS6.6AI score0.02215EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.352 views

CVE-2022-38028

CVE-2022-38028 is a Windows Print Spooler privilege-escalation vulnerability. It arises from improper privilege assignment in the Print Spooler service, enabling a local attacker with low privileges and no user interaction to escalate to SYSTEM. Public exploits have been observed; CISA/KEV and MS...

7.8CVSS8.3AI score0.14949EPSS
In wild
CVE
CVE
added 2017/09/13 1:0 a.m.351 views

CVE-2017-8628

CVE-2017-8628 concerns a spoofing vulnerability in Microsoft’s Bluetooth driver stack for Windows platforms. The flaw allows an attacker within physical proximity and with Bluetooth enabled to initiate a Bluetooth connection and perform a man-in-the-middle attack, potentially forcing traffic thro...

6.8CVSS7AI score0.02307EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.350 views

CVE-2017-0055

CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...

6.1CVSS5.4AI score0.16369EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.322 views

CVE-2018-8641

CVE-2018-8641 is a Windows Win32k kernel-mode privilege-escalation vulnerability. The Win32k component fails to properly handle objects in memory, enabling local privilege escalation. Affected products include multiple Windows versions (Windows 7, Windows 8.1, Windows 10 and corresponding Server ...

7.8CVSS8.5AI score0.01116EPSS
In wild
CVE
CVE
added 2018/05/09 7:0 p.m.287 views

CVE-2018-8166

The CVE-2018-8166 entry is supported by connected documents describing a Win32k privilege-escalation vulnerability in Windows where the Win32k component mishandles objects in memory, allowing local kernel-mode code execution if exploited. Affected products span multiple Windows versions (e.g., Wi...

7CVSS7.4AI score0.01169EPSS
In wild
CVE
CVE
added 2020/01/14 11:11 p.m.287 views

CVE-2020-0611

CVE-2020-0611 is a remote code execution vulnerability in the Windows Remote Desktop Client. Connected documents confirm the flaw affects the RDP client when a user connects to a malicious server, enabling arbitrary code execution on the client. The Microsoft blogs and advisories describe pre-aut...

7.5CVSS8.8AI score0.0808EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.283 views

CVE-2018-8164

CVE-2018-8164 is a Win32k privilege-escalation vulnerability in Windows where the Win32k component fails to properly handle objects in memory. Affected are multiple Windows releases (server and client SKUs listed in the CVE entry). The connected documents corroborate a kernel-mode elevation of pr...

7.8CVSS7.4AI score0.01424EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.268 views

CVE-2017-0214

CVE-2017-0213 is a Windows Privilege Escalation flaw in the COM Aggregate Marshaler. Reports confirm it enables local elevation of privilege when a specially crafted app is run, affecting Windows client and server SKUs listed in the CVE description. Several connected sources document exploitation...

7CVSS5.9AI score0.03457EPSS
In wild
CVE
CVE
added 2016/04/12 11:0 p.m.263 views

CVE-2016-0143

CVE-2016-0143 is a Windows Win32k Privilege Escalation vulnerability in the kernel-mode driver (win32k.sys) affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, 2012, RT 8.1, Windows 10 Gold/1511). Root cause: improper handling of objects in memory within the Wi...

7.8CVSS6.8AI score0.03596EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.259 views

CVE-2016-3308

Technical details for CVE-2016-3308 are not publicly available in the provided documents; monitor for updates.

7.8CVSS7.5AI score0.06418EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.258 views

CVE-2017-0025

Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.

7.8CVSS6.2AI score0.01835EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.252 views

CVE-2017-0047

Technical details about CVE-2017-0047 are not provided in the connected documents. Public information in the Initial Description is limited to an overview; monitor for updates.

7.8CVSS6.2AI score0.01858EPSS
In wild
CVE
CVE
added 2017/07/11 9:0 p.m.244 views

CVE-2017-8563

CVE-2017-8563 is an elevation-of-privilege vulnerability in Windows where Kerberos can fall back to NTLM as the default authentication protocol. The issue is exposed via LDAP/NTLM negotiation and can enable domain‑level credential abuse if NTLM relay occurs. Public documentation notes that follow...

8.1CVSS7.1AI score0.07176EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.230 views

CVE-2016-3311

CVE-2016-3311 is a Windows kernel-mode driver elevation of privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, Server 2012, Windows RT 8.1, and Windows 10 variants). The issue arises in Win32k kernel components where a crafted applicatio...

7.8CVSS7.5AI score0.01528EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.222 views

CVE-2016-7182

CVE-2016-7182 is a true‑type font parsing elevation of privilege vulnerability in the Windows Graphics component. The flaw affects multiple Windows OS versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7/8.1/10, Windows Server 2012 R2, Windows RT 8.1, Office 2007/2010, Word Viewer, Skype for Bu...

10CVSS8.7AI score0.30323EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.220 views

CVE-2016-3310

CVE-2016-3310 is a Win32k Elevation of Privilege vulnerability affecting multiple Windows versions. The issue arises in kernel‑mode drivers where improper handling of memory objects enables a local user to execute code with SYSTEM privileges via a crafted application. This is a local, non‑authent...

7.8CVSS7.5AI score0.02628EPSS
In wild
CVE
CVE
added 2017/07/11 9:0 p.m.201 views

CVE-2017-8582

CVE-2017-8582 affects the HTTP.sys server component in multiple Windows editions. The vulnerability arises from the component’s improper handling of in-memory objects, enabling a remote, unauthenticated attacker to obtain information and potentially facilitate further compromise. The impact is an...

5.9CVSS5.7AI score0.08294EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.192 views

CVE-2017-0174

CVE-2017-0174 is a Windows NetBIOS Denial of Service vulnerability. Exploitation involves sending malformed NetBIOS packets to affected Windows versions (Windows 7/8.1/10, Windows Server 2008-2016 and related). The underlying cause is improper handling within the Windows NetBIOS/network stack, al...

6.5CVSS6.9AI score0.0258EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.191 views

CVE-2017-0272

CVE-2017-0272 affects the Microsoft Windows SMBv1 server on Windows clients/servers (Windows 7/8.1, Windows Server 2008 SP2/R2 SP1, 2012, 2016, 10 versions etc.). Root cause: the SMBv1 server mishandles certain requests, enabling remote code execution by a remote attacker. Impact is high (remote ...

9.3CVSS7.7AI score0.17121EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.186 views

CVE-2016-0051

CVE-2016-0051 is a local privilege-escalation vulnerability in the Windows WebDAV client. The issue stems from the WebDAV client’s handling of crafted input, allowing a local attacker to gain SYSTEM-level privileges on affected Vista/7/8.1/2012/RT/10 variants with the WebDAV component (WebDAV cli...

7.8CVSS7.5AI score0.23383EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.184 views

CVE-2018-8413

CVE-2018-8413 affects the Windows Theme API and specifically the ThemePack (CAB-based) file parser used by Windows theme files. The connected exploit entries describe a vulnerability in the ThemePack parser that allows attackers to create arbitrary files at arbitrary locations, enabling remote co...

9.3CVSS7.9AI score0.46406EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.183 views

CVE-2018-0746

CVE-2018-0746 is a Windows kernel local information disclosure vulnerability affecting Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 versions (Gold, 1511, 1607, 1703, 1709), Windows Server 2016 and Windows Server 1709. The root cause is described as improper handling of memory addre...

4.7CVSS4.6AI score0.04075EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.177 views

CVE-2022-24502

Technical details about CVE-2022-24502 are not provided in the supplied documents. The provided materials do not include affected products/versions/root cause/fix information. Monitor for updates.

6.5CVSS6.1AI score0.32391EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.174 views

CVE-2018-1010

Technical details about CVE-2018-1010 are not publicly provided in the supplied documents. The connected MSKB entries relate to OS updates but do not disclose vulnerability specifics. Monitor for updates from Microsoft for any confirmed fixes or advisories.

9.3CVSS7.3AI score0.40069EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.174 views

CVE-2018-1016

CVE-2018-1016 is a Windows font library remote code execution vulnerability. The issue arises from the Windows font library improperly handling specially crafted embedded fonts, enabling code execution on a vulnerable system. Affected products include multiple Windows versions (Windows 7, Windows...

9.3CVSS7.3AI score0.2349EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.173 views

CVE-2018-0744

CVE-2018-0744 is a Windows kernel elevation-of-privilege vulnerability affecting Windows 8.1/RT 8.1, Windows Server 2012/R2, Windows 10 (various builds up to 1709), and Windows Server 2016/1709. The issue arises from how the kernel handles objects in memory, enabling local privilege escalation. E...

7CVSS5.5AI score0.15023EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.171 views

CVE-2018-0878

CVE-2018-0878 is a Windows Remote Assistance information-disclosure vulnerability caused by how XML External Entities (XXE) are processed. The CVE applies to multiple Windows client/server SKUs (Windows 7 SP1, 8.1/RT 8.1, Windows Server 2008 SP2/R2 SP1, 2012/R2, Windows 10 versions 1511–1709, and...

3.1CVSS5AI score0.21899EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.168 views

CVE-2017-0267

CVE-2017-0267 is an SMBv1 information-disclosure vulnerability in Microsoft Windows SMB Server 1.0. The issue arises from improper handling of certain SMBv1 requests, allowing a remote attacker to obtain sensitive information by sending specially crafted data to affected servers across multiple W...

5.9CVSS6.1AI score0.12737EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.163 views

CVE-2017-0283

CVE-2017-0283 is described in the connected MSKB as a remote code execution vulnerability in Microsoft Office components that could be triggered by opening a specially crafted Office file. The MSKB describes a security update KB3191937 for Skype for Business 2015 (Lync 2013) that addresses CVE-20...

9.3CVSS6.4AI score0.39019EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.162 views

CVE-2018-0742

Technical details (affected product/versions/root cause/fix) are not publicly available in the provided documents. Monitor for updates from trusted sources.

7.8CVSS5.5AI score0.01266EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.161 views

CVE-2018-0747

Technical details for CVE-2018-0747 are not publicly provided in the supplied documents; no concrete affected products, root cause, or patch information are present. Monitor for updates.

4.7CVSS4.6AI score0.0208EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.158 views

CVE-2020-0607

CVE-2020-0607 is an information disclosure vulnerability in Microsoft Windows Graphics Components related to how memory objects are handled. The issue could allow partial disclosure of information (CVSS2: Confidentiality Partial; AV:N/AC:M/Au:N/I:N/A:N) with a local-style potential exploit (CVSS3...

5.5CVSS6.5AI score0.05927EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.157 views

CVE-2017-0170

CVE-2017-0170 is an information-disclosure flaw in Windows Performance Monitor Console where XML input is parsed unsafely, allowing an XML external entity (XXE) to read arbitrary files. Affected are Windows versions listed in the CVE description (Windows 7/8.1/10, Windows Server variants, and Win...

6.5CVSS6.1AI score0.06666EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.157 views

CVE-2018-1012

CVE-2018-1012 describes a remote code execution vulnerability in the Windows font library triggered by specially crafted embedded fonts, commonly called the Microsoft Graphics Remote Code Execution Vulnerability. Affected are Windows 7; Windows Server 2008, 2008 R2, 2012, 2012 R2; Windows 8.1; Wi...

9.3CVSS7.3AI score0.2349EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.156 views

CVE-2017-8695

CVE-2017-8695 is an information-disclosure vulnerability in Windows Uniscribe where Microsoft’s Graphics Component can leak memory contents when handling objects, exploitable via a specially crafted document or an untrusted webpage. Affected products span Windows versions from Windows Server 2008...

5.3CVSS6AI score0.09643EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.155 views

CVE-2017-0277

CVE-2017-0277 describes a remote code execution vulnerability in the Microsoft Windows SMBv1 server. The SMBv1 service on affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Windows 10 1511/1607/1703, Windows Server 2...

7CVSS7.7AI score0.1085EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.154 views

CVE-2017-0016

CVE-2017-0016 affects multiple Windows versions (Windows 10, 8.1, RT 8.1, Server 2012R2/2016) where SMBv2/v3 packet handling in the Server service is flawed, enabling a remote attacker to potentially cause a crash or execute arbitrary code via a crafted SMB request. The issue is tied to SMBv2/SMB...

7.1CVSS6.3AI score0.2373EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.154 views

CVE-2018-0967

CVE-2018-0967 is a Windows SNMP Service Denial of Service vulnerability. According to connected documents, it arises from how Windows SNMP Service handles malformed SNMP traps/messages, allowing an attacker to trigger a denial of service via a specially crafted SNMP payload. Affected product fami...

6.3CVSS6.3AI score0.18681EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.152 views

CVE-2016-7212

CVE-2016-7212 affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, 10 up to 1607, and Server 2016) where a crafted image file can lead to remote code execution. Root cause: improper handling in the Windows image load feature. Impact is remote cod...

9.3CVSS8AI score0.69829EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.152 views

CVE-2020-0608

CVE-2020-0608 is an information disclosure vulnerability affecting the Win32k component where kernel information is improperly disclosed. The root cause is in win32k exposing kernel data, leading to potential information disclosure with local access and no user interaction required. The CVSS metr...

5.5CVSS6.4AI score0.01307EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.150 views

CVE-2017-0158

CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...

7.6CVSS7.5AI score0.12558EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.150 views

CVE-2017-11780

CVE-2017-11780 is a remote code execution vulnerability in the Microsoft Windows Server Message Block 1.0 (SMBv1) server. The issue occurs when SMBv1 fails to handle certain requests, allowing an unauthenticated attacker to execute code on the target server over the network. Affected products inc...

7CVSS8.4AI score0.09961EPSS
CVE
CVE
added 2023/05/31 6:7 p.m.148 views

CVE-2022-35744

Technical details (affected product, root cause, impact, or fixes) are not provided in the supplied documents. Monitor for updates from official CVE sources; no specifics about exploitation, vectors, or mitigations are included here.

9.8CVSS9.6AI score0.01979EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.147 views

CVE-2018-0751

CVE-2018-0751 is a Windows Kernel API elevation-of-privilege vulnerability affecting Windows family (kernel API permission handling). The connected records reference the CVE as a Windows kernel issue and show related exploitation listings (e.g., exploit-db entries linked in CIRCL). No explicit pr...

7.1CVSS5.7AI score0.0276EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.146 views

CVE-2017-0161

CVE-2017-0161 is a Windows NetBT Session Services vulnerability described as a race condition when NetBT fails to maintain certain sequencing requirements, enabling a remote code execution in affected Windows releases. The CVE is present in Windows 7/8.1/10 and server SKUs listed in the initial d...

8.1CVSS7.7AI score0.11229EPSS
CVE
CVE
added 2017/12/12 9:0 p.m.146 views

CVE-2017-11885

CVE-2017-11885 is a Windows RRAS (Routing and Remote Access) remote code execution vulnerability affecting multiple Windows versions. The vulnerability arises from how RRAS handles requests, enabling remote execution without user interaction. Public exploitation exists (e.g., Exploit-DB entry lin...

8.5CVSS8.3AI score0.45521EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.146 views

CVE-2018-0817

Technical details about CVE-2018-0817 are not publicly provided in the supplied documents. Monitor for updates from official advisories; no affected products, root cause, or remediation are specified here.

7CVSS6.2AI score0.01352EPSS
Total number of security vulnerabilities376