Lucene search
+L

376 matches found

CVE
CVE
added 2017/12/12 9:0 p.m.149 views

CVE-2017-11885

CVE-2017-11885 is a Windows RRAS (Routing and Remote Access) remote code execution vulnerability affecting multiple Windows versions. The vulnerability arises from how RRAS handles requests, enabling remote execution without user interaction. Public exploitation exists (e.g., Exploit-DB entry lin...

8.5CVSS8.3AI score0.45521EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.148 views

CVE-2018-0754

The CVE-2018-0754 entry concerns the Windows Adobe Type Manager Font Driver (Atmfd.dll). Multiple sources confirm an information-disclosure vulnerability arising from the way objects are handled in memory within Atmfd.dll, affecting Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2/R2, W...

5.5CVSS5.2AI score0.02279EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.148 views

CVE-2018-8485

CVE-2018-8485 is a DirectX local privilege-escalation vulnerability: DirectX mismanages objects in memory, enabling code execution with kernel privileges on affected Windows versions (Windows 8.1/Server 2012/2012 R2/10/Server 2016-2019 and related). Root cause is memory handling in DirectX; impac...

7.8CVSS6.5AI score0.01193EPSS
CVE
CVE
added 2018/11/14 1:0 a.m.147 views

CVE-2018-8565

CVE-2018-8565 is an information-disclosure vulnerability in the Windows win32k component where kernel information is improperly provided. The vulnerability affects multiple Windows editions (as listed in the NVD entry: Windows 7, Server 2012 R2/2016, Windows 8.1, 10 and corresponding server SKUs,...

5.5CVSS6.4AI score0.03177EPSS
CVE
CVE
added 2017/02/20 4:0 p.m.146 views

CVE-2017-0038

The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...

5.5CVSS4.7AI score0.821EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.145 views

CVE-2017-8565

CVE-2017-8565 is a Windows PowerShell remote code execution vulnerability triggered when PSObject wraps a CIM Instance. Connected sources describe in detail that deserialization via PSObject, LosFormatter, ObjectStateFormatter (and related gadget chains) can enable remote code execution in PowerS...

9.3CVSS7.3AI score0.17522EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.145 views

CVE-2018-0829

The Windows kernel information disclosure in CVE-2018-0829 affects multiple Windows versions: Windows 7 SP1; Windows 8.1 and RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 and R2; Windows 10 releases (Gold, 1511, 1607, 1703, 1709); Windows Server 2016 and Windows Server version 1...

4.7CVSS4.9AI score0.02076EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.145 views

CVE-2018-0868

CVE-2018-0868 concerns a Windows Installer elevation-of-privilege vulnerability in the Windows Installer service across affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 versions up to 1709, and related Server var...

7CVSS6.1AI score0.01221EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.144 views

CVE-2018-8423

CVE-2018-8423 : A remote code execution vulnerability exists in the Microsoft JET Database Engine. The issue affects Windows client/server family (Windows 7, 8.1, 10; Windows Server 2008/2012/2016/2019 and R2 variants). The root cause is within the JET Database Engine component; exploitation requ...

9.3CVSS7.8AI score0.32705EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.144 views

CVE-2018-8477

CVE-2018-8477 is a Windows kernel information disclosure vulnerability caused by improper handling of objects in memory. Affected products include multiple Windows client and server editions (e.g., Windows 7, Windows 8.1, Windows 10, Windows Server 2008/2008 R2, 2012/2012 R2, 2016, 2019). The vul...

5.5CVSS6.5AI score0.01796EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.143 views

CVE-2016-0145

CVE-2016-0145 is a Graphics Memory Corruption vulnerability in the Windows font library. A remote attacker can execute arbitrary code by delivering a crafted embedded font, affecting Windows flavors listed in the vulnerability entry (e.g., Windows Vista through Windows 10 versions, Windows Server...

9.3CVSS7.7AI score0.43272EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.143 views

CVE-2017-0211

CVE-2017-0211 is a Windows OLE/COM elevation-of-privilege issue where a Structured Storage object can be exposed across a security boundary via a property bag, enabling creation of a remote COM object in the server process and potential privilege escalation. Google Project Zero details show how I...

5.5CVSS6.4AI score0.13975EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.143 views

CVE-2018-0816

Technical details about CVE-2018-0816 are not publicly provided in the connected documents; the initial description summarizes the vulnerability but does not specify affected products, versions, impact, or fixes.

7CVSS6.2AI score0.01267EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.143 views

CVE-2018-1013

CVE-2018-1013 is a remote code execution issue in the Windows font library triggered by specially crafted embedded fonts. Affected OS versions include Windows 7, Windows 8.1, Windows 10 and corresponding Server editions (2012/2016, etc.). Root cause is improper handling of embedded fonts by the W...

9.3CVSS7.3AI score0.2349EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.142 views

CVE-2017-0100

CVE-2017-0100 is a local elevation-of-privilege vulnerability in a DCOM object registered by Helppane.exe (Windows HelpPane). A crafted application can exploit RunAs authentication issues to execute code in another user’s session on affected Windows 7 SP1, Server 2008 R2, 8.1, 2012, RT 8.1, 10 (1...

7.8CVSS6.2AI score0.04957EPSS
Web
CVE
CVE
added 2018/04/12 1:0 a.m.142 views

CVE-2018-1015

CVE-2018-1015 is a Windows font library remote code execution vulnerability triggered by specially crafted embedded fonts. The NVD entries describe the issue as affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows 10 and corresponding Server ...

9.3CVSS7.3AI score0.2349EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.141 views

CVE-2016-0026

Technical details about CVE-2016-0026 are not publicly provided in the supplied documents; no specific affected products or fixes are described. Monitor for updates.

9.3CVSS7.5AI score0.06767EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.140 views

CVE-2018-8167

CVE-2018-8167 is a Windows CLFS driver elevation of privilege vulnerability. The issue arises when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Affected products/versions include Windows 7, Windows Server 2008/2008 R2/2012/2012 R2, Windows 8.1, Windows 10...

7CVSS7.3AI score0.01074EPSS
CVE
CVE
added 2023/05/31 6:7 p.m.140 views

CVE-2022-35756

Technical details about CVE-2022-35756 (affected products, root cause, impact, fix) are not provided in the connected documents. Monitor for official disclosures and updates from Microsoft and CVE listings.

7.8CVSS8.6AI score0.11306EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.139 views

CVE-2018-0753

CVE-2018-0753 describes a denial-of-service vulnerability in Windows IPSec where the system may stop responding due to how objects are handled in memory. Affected products explicitly include Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 versions 1511/1607/1703/1709, Windows Server 2...

7.1CVSS5.4AI score0.09024EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.138 views

CVE-2018-0971

CVE-2018-0971 is an information-disclosure vulnerability in the Windows kernel that could enable an attacker to bypass Kernel ASLR. The Initial description lists affected Windows versions (multiple client/server editions). Connected documents show exploitation references: CIRCL entries for CVE-20...

5.5CVSS5AI score0.0358EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.138 views

CVE-2018-8514

CVE-2018-8514 is an information-disclosure vulnerability in the Windows Remote Procedure Call (RPC) runtime caused by improper initialization of memory objects. Affected products include Windows 7, Windows 8.1, Windows 10 (various editions), Windows Server 2008/2012/2012 R2/2016/2019, and Windows...

5.5CVSS6.6AI score0.01889EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.137 views

CVE-2017-0269

CVE-2017-0269 is a Windows SMBv1 denial-of-service vulnerability: the SMBv1 server may stop responding when it receives specially crafted requests. The issue is tied to handling of SMBv1 traffic (no explicit exploit details in the provided docs). Affected context is Windows SMBv1 processing; pote...

5.9CVSS6.2AI score0.06465EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.137 views

CVE-2018-0959

CVE-2018-0959 is a remote code execution vulnerability in Windows Hyper-V where a host server fails to validate input from an authenticated user on a guest OS. Affected products include Windows clients and server editions listed in the description (e.g., Windows 7, 8.1; Windows Server 2008-2016; ...

7.6CVSS7.9AI score0.10186EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.136 views

CVE-2018-0832

CVE-2018-0832 affects the Windows kernel and relates to how memory objects are handled, causing an information disclosure vulnerability. Affected products/versions include Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 versions 1511, ...

4.7CVSS4.9AI score0.02386EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.136 views

CVE-2018-0976

The CVE-2018-0976 entry describes a denial-of-service vulnerability in Windows RDP that can be triggered by specially crafted RDP requests, reportedly affecting Windows 7, Windows Server 2008/2012 families, Windows 8.1, and Windows 10/Server 2016+ clients. The connected documents do not provide c...

5.3CVSS6.3AI score0.04721EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.136 views

CVE-2018-8411

CVE-2018-8411 is a local NTFS elevation-of-privilege vulnerability in Windows due to NTFS failing to properly check access rights. A local attacker could exploit this to gain elevated privileges on affected Windows editions (Windows 7, Windows 8.1, Windows 10, Windows Server 2008/2012/2016/2019 a...

7.8CVSS7.5AI score0.0307EPSS
CVE
CVE
added 2017/12/12 9:0 p.m.135 views

CVE-2017-11927

Technical details about CVE-2017-11927 are not publicly available in the provided connected documents. Monitor for updates; include affected products/versions and remediation when disclosures become available.

6.5CVSS6.9AI score0.09617EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.134 views

CVE-2017-0181

CVE-2017-0181 affects the Windows Hyper-V Network Switch on Windows 10/Windows Server 2016 hosts. The vulnerability is a remote code execution caused by improper validation of input from the guest OS, requiring an authenticated user on the guest. Connected sources confirm Hyper-V input validation...

7.6CVSS7.8AI score0.03147EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.134 views

CVE-2018-0825

CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...

7.6CVSS7.3AI score0.16778EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.133 views

CVE-2016-3209

CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...

5.5CVSS6AI score0.53653EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.133 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.133 views

CVE-2016-7237

CVE-2016-7237 affects Local Security Authority Subsystem Service (LSASS) in Windows between Vista SP2 and Windows Server 2016. The vulnerability allows remote authenticated users to cause a denial of service (system hang) by sending a crafted request, via the LSASS handling path (notably connecte...

6.8CVSS6.2AI score0.65059EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.133 views

CVE-2017-8676

CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...

3.3CVSS4.9AI score0.1404EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.133 views

CVE-2018-8136

CVE-2018-8136 is described as a remote code execution vulnerability in how Windows handles objects in memory, affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers. The con...

9.3CVSS8.4AI score0.23243EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.131 views

CVE-2016-3223

CVE-2016-3223 relates to a Group Policy Elevation of Privilege vulnerability in Windows where LDAP authentication is mishandled, enabling a MiTM attacker to modify domain controller–to–client Group Policy update data and potentially escalate privileges. The issue affects multiple Windows editions...

9.3CVSS7.9AI score0.21091EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.131 views

CVE-2017-0078

Technical details for CVE-2017-0078 are not provided in the connected documents. Monitor for updates from official advisories; no exploit, impact, or remediation specifics are included here.

7.8CVSS6AI score0.02388EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.131 views

CVE-2018-0846

The connected documents confirm CVE-2018-0846 affects the Windows Common Log File System (CLFS) driver and describes an elevation-of-privilege flaw caused by improper handling of objects in memory. Affected products include various Windows client/server builds (Windows 7 SP1, Windows 8.1/RT 8.1, ...

7.8CVSS6.8AI score0.01239EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.131 views

CVE-2020-0643

The CVE-2020-0643 entry concerns a information-disclosure vulnerability in Windows GDI+ where memory objects are mishandled. Connected CNVD-2020-04849 describes a Microsoft Windows Graphics Device Interface Plus information disclosure vulnerability with the same affected component; it states that...

5.5CVSS6.5AI score0.01307EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.130 views

CVE-2016-0042

CVE-2016-0042 corresponds to a Windows DLL loading Remote Code Execution vulnerability. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10 (including 1511). The flaw arises from mishandling D...

7.8CVSS7.8AI score0.05651EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.130 views

CVE-2017-0062

CVE-2017-0062 affects the Graphics Device Interface (GDI) in multiple Windows versions (Vista SP2 through Windows 10/1607). It enables local attackers to disclose sensitive process-memory information via a crafted web site; impact is information disclosure. Connected CIRCL entries indicate the vu...

4.7CVSS4.3AI score0.17832EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.130 views

CVE-2018-8481

CVE-2018-8481 is an information-disclosure vulnerability in Windows Media Player where file information can be improperly disclosed. Affected products listed include Windows 7, Windows 8.1, Windows 10 (and corresponding Windows Server editions). The connected documents (EUVD/CNVD/NVD) describe th...

3.1CVSS4.9AI score0.05141EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.129 views

CVE-2017-0279

CVE-2017-0279 corresponds to a remote code execution vulnerability in the Microsoft Windows SMB v1 server. The available connected and initial documents indicate: affected component is the SMBv1 server (Server Message Block 1.0) on multiple Windows platforms (e.g., Windows 7, Windows 8.1, Windows...

7CVSS7.7AI score0.1085EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.129 views

CVE-2017-11771

CVE-2017-11771 is a remote code execution vulnerability in the Microsoft Windows Search component. The issue arises from improper handling of DNS responses by the Windows Search service, allowing an unauthenticated, remote attacker to execute code on affected systems. The CVE is referenced alongs...

10CVSS9.6AI score0.64132EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.129 views

CVE-2018-0830

CVE-2018-0830 is a Windows kernel local information-disclosure vulnerability caused by how objects in memory are handled. Affected products include Windows 7 SP1; Windows 8.1 and RT 8.1; Windows Server 2008 SP2/R2 SP1; Windows Server 2012/R2; Windows 10 releases Gold, 1511, 1607, 1703, 1709; Wind...

4.7CVSS4.9AI score0.02076EPSS
CVE
CVE
added 2018/10/10 1:0 p.m.129 views

CVE-2018-8482

CVE-2018-8482 is an information-disclosure vulnerability in Windows Media Player where file information can be improperly disclosed. Affected products include Windows 7, Windows 8.1, Windows 10 and corresponding server editions listed in the description. The root cause is an information disclosur...

3.1CVSS4.9AI score0.05141EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.129 views

CVE-2023-21739

Technical details about CVE-2023-21739 are not provided in the connected documents. The supplied items reference other CVEs and updates; please monitor official vulnerability notes from Microsoft/NVD for details and remediation.

7CVSS7AI score0.00564EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.128 views

CVE-2017-8528

CVE-2017-8528 concerns a remote code execution vulnerability in Microsoft Windows Uniscribe (usp10.dll) where объектs in memory are mishandled. Affected platforms span Windows 7/8.1/10 and several Server SKUs with Office 2007/2010. Exploitation is possible via crafted documents or web content, pe...

9.3CVSS5.9AI score0.19889EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.128 views

CVE-2018-0757

Technical details about CVE-2018-0757 are not publicly available in the provided documents. Connected sources discuss malware and general Windows kernel disclosures but do not specify affected products, versions, or fixes. Monitor for official updates.

4.7CVSS5AI score0.01615EPSS
CVE
CVE
added 2019/04/08 11:34 p.m.128 views

CVE-2019-0754

Technical details about CVE-2019-0754 are not publicly provided in the connected documents. The available sources reiterate the general Windows DoS description without specifics on affected components, versions, or fixes. Monitor for updates.

5.5CVSS6.4AI score0.01616EPSS
Total number of security vulnerabilities376