376 matches found
CVE-2017-11885
CVE-2017-11885 is a Windows RRAS (Routing and Remote Access) remote code execution vulnerability affecting multiple Windows versions. The vulnerability arises from how RRAS handles requests, enabling remote execution without user interaction. Public exploitation exists (e.g., Exploit-DB entry lin...
CVE-2018-0754
The CVE-2018-0754 entry concerns the Windows Adobe Type Manager Font Driver (Atmfd.dll). Multiple sources confirm an information-disclosure vulnerability arising from the way objects are handled in memory within Atmfd.dll, affecting Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2/R2, W...
CVE-2018-8485
CVE-2018-8485 is a DirectX local privilege-escalation vulnerability: DirectX mismanages objects in memory, enabling code execution with kernel privileges on affected Windows versions (Windows 8.1/Server 2012/2012 R2/10/Server 2016-2019 and related). Root cause is memory handling in DirectX; impac...
CVE-2018-8565
CVE-2018-8565 is an information-disclosure vulnerability in the Windows win32k component where kernel information is improperly provided. The vulnerability affects multiple Windows editions (as listed in the NVD entry: Windows 7, Server 2012 R2/2016, Windows 8.1, 10 and corresponding server SKUs,...
CVE-2017-0038
The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...
CVE-2017-8565
CVE-2017-8565 is a Windows PowerShell remote code execution vulnerability triggered when PSObject wraps a CIM Instance. Connected sources describe in detail that deserialization via PSObject, LosFormatter, ObjectStateFormatter (and related gadget chains) can enable remote code execution in PowerS...
CVE-2018-0829
The Windows kernel information disclosure in CVE-2018-0829 affects multiple Windows versions: Windows 7 SP1; Windows 8.1 and RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 and R2; Windows 10 releases (Gold, 1511, 1607, 1703, 1709); Windows Server 2016 and Windows Server version 1...
CVE-2018-0868
CVE-2018-0868 concerns a Windows Installer elevation-of-privilege vulnerability in the Windows Installer service across affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 versions up to 1709, and related Server var...
CVE-2018-8423
CVE-2018-8423 : A remote code execution vulnerability exists in the Microsoft JET Database Engine. The issue affects Windows client/server family (Windows 7, 8.1, 10; Windows Server 2008/2012/2016/2019 and R2 variants). The root cause is within the JET Database Engine component; exploitation requ...
CVE-2018-8477
CVE-2018-8477 is a Windows kernel information disclosure vulnerability caused by improper handling of objects in memory. Affected products include multiple Windows client and server editions (e.g., Windows 7, Windows 8.1, Windows 10, Windows Server 2008/2008 R2, 2012/2012 R2, 2016, 2019). The vul...
CVE-2016-0145
CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...
CVE-2017-0211
CVE-2017-0211 is a Windows OLE/COM elevation-of-privilege issue where a Structured Storage object can be exposed across a security boundary via a property bag, enabling creation of a remote COM object in the server process and potential privilege escalation. Google Project Zero details show how I...
CVE-2018-0816
Technical details about CVE-2018-0816 are not publicly provided in the connected documents; the initial description summarizes the vulnerability but does not specify affected products, versions, impact, or fixes.
CVE-2018-1013
CVE-2018-1013 is a remote code execution issue in the Windows font library triggered by specially crafted embedded fonts. Affected OS versions include Windows 7, Windows 8.1, Windows 10 and corresponding Server editions (2012/2016, etc.). Root cause is improper handling of embedded fonts by the W...
CVE-2017-0100
CVE-2017-0100 is a local elevation-of-privilege vulnerability in a DCOM object registered by Helppane.exe (Windows HelpPane). A crafted application can exploit RunAs authentication issues to execute code in another user’s session on affected Windows 7 SP1, Server 2008 R2, 8.1, 2012, RT 8.1, 10 (1...
CVE-2018-1015
CVE-2018-1015 is a Windows font library remote code execution vulnerability triggered by specially crafted embedded fonts. The NVD entries describe the issue as affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows 10 and corresponding Server ...
CVE-2016-0026
Technical details about CVE-2016-0026 are not publicly provided in the supplied documents; no specific affected products or fixes are described. Monitor for updates.
CVE-2018-8167
CVE-2018-8167 is a Windows CLFS driver elevation of privilege vulnerability. The issue arises when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Affected products/versions include Windows 7, Windows Server 2008/2008 R2/2012/2012 R2, Windows 8.1, Windows 10...
CVE-2022-35756
Technical details about CVE-2022-35756 (affected products, root cause, impact, fix) are not provided in the connected documents. Monitor for official disclosures and updates from Microsoft and CVE listings.
CVE-2018-0753
CVE-2018-0753 describes a denial-of-service vulnerability in Windows IPSec where the system may stop responding due to how objects are handled in memory. Affected products explicitly include Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 versions 1511/1607/1703/1709, Windows Server 2...
CVE-2018-0971
CVE-2018-0971 is an information-disclosure vulnerability in the Windows kernel that could enable an attacker to bypass Kernel ASLR. The Initial description lists affected Windows versions (multiple client/server editions). Connected documents show exploitation references: CIRCL entries for CVE-20...
CVE-2018-8514
CVE-2018-8514 is an information-disclosure vulnerability in the Windows Remote Procedure Call (RPC) runtime caused by improper initialization of memory objects. Affected products include Windows 7, Windows 8.1, Windows 10 (various editions), Windows Server 2008/2012/2012 R2/2016/2019, and Windows...
CVE-2017-0269
CVE-2017-0269 is a Windows SMBv1 denial-of-service vulnerability: the SMBv1 server may stop responding when it receives specially crafted requests. The issue is tied to handling of SMBv1 traffic (no explicit exploit details in the provided docs). Affected context is Windows SMBv1 processing; pote...
CVE-2018-0959
CVE-2018-0959 is a remote code execution vulnerability in Windows Hyper-V where a host server fails to validate input from an authenticated user on a guest OS. Affected products include Windows clients and server editions listed in the description (e.g., Windows 7, 8.1; Windows Server 2008-2016; ...
CVE-2018-0832
CVE-2018-0832 affects the Windows kernel and relates to how memory objects are handled, causing an information disclosure vulnerability. Affected products/versions include Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 versions 1511, ...
CVE-2018-0976
The CVE-2018-0976 entry describes a denial-of-service vulnerability in Windows RDP that can be triggered by specially crafted RDP requests, reportedly affecting Windows 7, Windows Server 2008/2012 families, Windows 8.1, and Windows 10/Server 2016+ clients. The connected documents do not provide c...
CVE-2018-8411
CVE-2018-8411 is a local NTFS elevation-of-privilege vulnerability in Windows due to NTFS failing to properly check access rights. A local attacker could exploit this to gain elevated privileges on affected Windows editions (Windows 7, Windows 8.1, Windows 10, Windows Server 2008/2012/2016/2019 a...
CVE-2017-11927
Technical details about CVE-2017-11927 are not publicly available in the provided connected documents. Monitor for updates; include affected products/versions and remediation when disclosures become available.
CVE-2017-0181
CVE-2017-0181 affects the Windows Hyper-V Network Switch on Windows 10/Windows Server 2016 hosts. The vulnerability is a remote code execution caused by improper validation of input from the guest OS, requiring an authenticated user on the guest. Connected sources confirm Hyper-V input validation...
CVE-2018-0825
CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...
CVE-2016-3209
CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...
CVE-2016-3301
CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...
CVE-2016-7237
CVE-2016-7237 affects Local Security Authority Subsystem Service (LSASS) in Windows between Vista SP2 and Windows Server 2016. The vulnerability allows remote authenticated users to cause a denial of service (system hang) by sending a crafted request, via the LSASS handling path (notably connecte...
CVE-2017-8676
CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...
CVE-2018-8136
CVE-2018-8136 is described as a remote code execution vulnerability in how Windows handles objects in memory, affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers. The con...
CVE-2016-3223
CVE-2016-3223 relates to a Group Policy Elevation of Privilege vulnerability in Windows where LDAP authentication is mishandled, enabling a MiTM attacker to modify domain controller–to–client Group Policy update data and potentially escalate privileges. The issue affects multiple Windows editions...
CVE-2017-0078
Technical details for CVE-2017-0078 are not provided in the connected documents. Monitor for updates from official advisories; no exploit, impact, or remediation specifics are included here.
CVE-2018-0846
The connected documents confirm CVE-2018-0846 affects the Windows Common Log File System (CLFS) driver and describes an elevation-of-privilege flaw caused by improper handling of objects in memory. Affected products include various Windows client/server builds (Windows 7 SP1, Windows 8.1/RT 8.1, ...
CVE-2020-0643
The CVE-2020-0643 entry concerns a information-disclosure vulnerability in Windows GDI+ where memory objects are mishandled. Connected CNVD-2020-04849 describes a Microsoft Windows Graphics Device Interface Plus information disclosure vulnerability with the same affected component; it states that...
CVE-2016-0042
CVE-2016-0042 corresponds to a Windows DLL loading Remote Code Execution vulnerability. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10 (including 1511). The flaw arises from mishandling D...
CVE-2017-0062
CVE-2017-0062 affects the Graphics Device Interface (GDI) in multiple Windows versions (Vista SP2 through Windows 10/1607). It enables local attackers to disclose sensitive process-memory information via a crafted web site; impact is information disclosure. Connected CIRCL entries indicate the vu...
CVE-2018-8481
CVE-2018-8481 is an information-disclosure vulnerability in Windows Media Player where file information can be improperly disclosed. Affected products listed include Windows 7, Windows 8.1, Windows 10 (and corresponding Windows Server editions). The connected documents (EUVD/CNVD/NVD) describe th...
CVE-2017-0279
CVE-2017-0279 corresponds to a remote code execution vulnerability in the Microsoft Windows SMB v1 server. The available connected and initial documents indicate: affected component is the SMBv1 server (Server Message Block 1.0) on multiple Windows platforms (e.g., Windows 7, Windows 8.1, Windows...
CVE-2017-11771
CVE-2017-11771 is a remote code execution vulnerability in the Microsoft Windows Search component. The issue arises from improper handling of DNS responses by the Windows Search service, allowing an unauthenticated, remote attacker to execute code on affected systems. The CVE is referenced alongs...
CVE-2018-0830
CVE-2018-0830 is a Windows kernel local information-disclosure vulnerability caused by how objects in memory are handled. Affected products include Windows 7 SP1; Windows 8.1 and RT 8.1; Windows Server 2008 SP2/R2 SP1; Windows Server 2012/R2; Windows 10 releases Gold, 1511, 1607, 1703, 1709; Wind...
CVE-2018-8482
CVE-2018-8482 is an information-disclosure vulnerability in Windows Media Player where file information can be improperly disclosed. Affected products include Windows 7, Windows 8.1, Windows 10 and corresponding server editions listed in the description. The root cause is an information disclosur...
CVE-2023-21739
Technical details about CVE-2023-21739 are not provided in the connected documents. The supplied items reference other CVEs and updates; please monitor official vulnerability notes from Microsoft/NVD for details and remediation.
CVE-2017-8528
CVE-2017-8528 concerns a remote code execution vulnerability in Microsoft Windows Uniscribe (usp10.dll) where объектs in memory are mishandled. Affected platforms span Windows 7/8.1/10 and several Server SKUs with Office 2007/2010. Exploitation is possible via crafted documents or web content, pe...
CVE-2018-0757
Technical details about CVE-2018-0757 are not publicly available in the provided documents. Connected sources discuss malware and general Windows kernel disclosures but do not specify affected products, versions, or fixes. Monitor for official updates.
CVE-2019-0754
Technical details about CVE-2019-0754 are not publicly provided in the connected documents. The available sources reiterate the general Windows DoS description without specifics on affected components, versions, or fixes. Monitor for updates.