Lucene search
+L
MicrosoftWindows 8

254 matches found

cve
cve
added 2015/11/11 11:0 a.m.81 views

CVE-2015-6103

CVE-2015-6103 affects the Adobe Type Manager Library in Windows Vista SP2, Server 2008 SP2/R2, Windows 7/8/8.1, Server 2012 (and RT) and Windows 10 1511. It allows remote code execution via a crafted embedded font. Public exploits exist (Exploit-DB entries 38714/38714), indicating observed exploi...

9.3CVSS7.9AI score0.35288EPSS
cve
cve
added 2015/11/11 11:0 a.m.81 views

CVE-2015-6112

CVE-2015-6112 affects the SChannel TLS implementation in multiple Windows OS versions (Vista SP2; Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8/8.1; Server 2012 Gold and R2; Windows RT Gold and 8.1). The root cause is that SChannel lacks extended master-secret binding support, so during re...

5.8CVSS5.8AI score0.02812EPSS
cve
cve
added 2016/01/13 2:0 a.m.81 views

CVE-2016-0007

CVE-2016-0007 is a local privilege escalation in the Windows sandbox: the sandbox implementation mishandles reparse points across multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012, RT, and Windows 10 1511). A crafted application could exploit this to gain...

7.8CVSS7.2AI score0.05446EPSS
cve
cve
added 2013/03/13 12:0 a.m.80 views

CVE-2013-1287

The CVE-2013-1287 issue affects the USB kernel-mode drivers in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 R2 SP1, 7, 8, Server 2012). Root cause: objects in memory are not properly handled by USB descriptor processing, enabling physically proximate attackers to...

7.2CVSS7.2AI score0.01455EPSS
cve
cve
added 2014/08/12 9:0 p.m.80 views

CVE-2014-1814

CVE-2014-1814 is a local privilege-escalation vulnerability in the Windows Installer service. It affects Windows client/server platforms listed in the advisory (e.g., Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, 7, 8, 8.1, Server 2012/2012 R2, and Windows RT/8.1). The flaw arises from ...

7.2CVSS6.4AI score0.01962EPSS
cve
cve
added 2014/08/12 9:0 p.m.80 views

CVE-2014-1819

CVE-2014-1819 affects Windows kernel-mode font handling (win32k.sys) where access to font-file objects is not properly controlled, enabling local privilege escalation via a crafted font file. Connected docs corroborate font-file handling as the root cause and map to MS14-045 kernel-mode driver up...

7.2CVSS6.4AI score0.02024EPSS
cve
cve
added 2014/09/10 1:0 a.m.80 views

CVE-2014-4074

CVE-2014-4074 concerns a privilege-escalation flaw in Windows Task Scheduler. The vulnerability exists in Task Scheduler across Windows 8/8.1, Windows Server 2012 (Gold/R2) and Windows RT/8.1, where a crafted task can be scheduled to abuse privileges. The issue is triggered locally by scheduling ...

7.2CVSS6.5AI score0.01877EPSS
cve
cve
added 2015/06/10 1:0 a.m.80 views

CVE-2015-1724

CVE-2015-1724 is a local privilege-escalation use-after-free in Windows kernel-object handling affecting multiple Windows versions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1). The vulnerability lies in kernel-mode drivers and can be tr...

7.2CVSS6.5AI score0.03311EPSS
cve
cve
added 2015/07/14 10:0 p.m.80 views

CVE-2015-2381

CVE-2015-2381 affects Microsoft Windows' kernel-mode driver component win32k.sys in Windows 8, Windows 8.1, Windows Server 2012 Gold/R2, and Windows RT Gold/8.1. The vulnerability allows local users to read kernel memory via a crafted application, an information-disclosure issue. Impact is stated...

2.1CVSS5.2AI score0.02563EPSS
cve
cve
added 2015/08/15 12:0 a.m.80 views

CVE-2015-2428

CVE-2015-2428 affects Windows Object Manager interactions with object symbolic links originated in sandboxed processes, enabling local privilege escalation by failing to constrain impersonation levels. The issue arises when a sandboxed process creates an Object Manager symbolic link; the kernel a...

2.1CVSS6.4AI score0.01777EPSS
cve
cve
added 2015/08/15 12:0 a.m.80 views

CVE-2015-2453

The CVE-2015-2453 CSRSS Local Elevation of Privilege vulnerability affects multiple Windows editions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8, 8.1, Server 2012 Gold/R2, Windows RT Gold/8.1). A crafted application can continue running during a subsequent user login, enabling local user...

4.7CVSS6AI score0.02618EPSS
cve
cve
added 2015/09/09 12:0 a.m.80 views

CVE-2015-2530

CVE-2015-2530 affects Windows Journal across Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012, RT, and Windows 10. The vulnerability enables remote code execution via a crafted .jnt file (Windows Journal RCE Vulnerability), a distinct issue from CVE-2015-2513 and CVE-2...

9.3CVSS7.4AI score0.16301EPSS
cve
cve
added 2016/01/13 2:0 a.m.80 views

CVE-2016-0008

CVE-2016-0008 covers a Windows GDI32.dll ASLR bypass vulnerability. Affected software includes Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, and Windows RT Gold/8.1, where remote attackers could bypass ASLR via unspecified vectors. The v...

4.3CVSS5.4AI score0.13841EPSS
cve
cve
added 2014/11/11 10:0 p.m.79 views

CVE-2014-6322

CVE-2014-6322 is a Windows Audio Service elevation-of-privilege vulnerability (MS14-071). Affects Windows Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8/8.1, Server 2012/2012 R2, and Windows RT. Root cause involves the Windows Audio service components (audiosrv.dll, audioses.dll, audioks...

4.3CVSS6.7AI score0.12974EPSS
cve
cve
added 2015/03/11 10:0 a.m.79 views

CVE-2015-0073

CVE-2015-0073 concerns the Windows Registry Virtualization feature. The Windows kernel’s registry virtualization mechanism does not properly restrict changes to virtual stores, enabling a local attacker to elevate privileges via a crafted application. The vulnerability affects multiple Windows ve...

7.2CVSS6.3AI score0.01817EPSS
cve
cve
added 2015/03/11 10:0 a.m.79 views

CVE-2015-0092

CVE-2015-0092 is described in connected documents as a pool-based buffer underflow (≤64 bytes) affecting the Windows Adobe Type Manager Font Driver (ATMFD.DLL). The vulnerability is linked to the font rendering stack (Charstring-related components) and involves a memory underflow on an arbitraril...

9.3CVSS7.8AI score0.17414EPSS
cve
cve
added 2015/05/13 10:0 a.m.79 views

CVE-2015-1680

Technical details about CVE-2015-1680 are not publicly available in the provided connected documents; monitor for updates.

2.1CVSS5.9AI score0.03052EPSS
cve
cve
added 2015/05/13 10:0 a.m.79 views

CVE-2015-1697

CVE-2015-1697 relates to a Windows Journal remote code execution vulnerability. Current sources confirm affected platforms include Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, and Windows RT Gold/8.1, where processing a crafted ...

9.3CVSS7.8AI score0.17767EPSS
cve
cve
added 2015/05/13 10:0 a.m.79 views

CVE-2015-1716

CVE-2015-1716 is an information-disclosure vulnerability in Schannel (Windows) caused by improper restriction of Diffie-Hellman Ephemeral key lengths. Connected advisories describe it as affecting TLS configurations that permit DHE_EXPORT/weak keys, enabling MITM-style decryption of TLS traffic (...

5CVSS3.9AI score0.20926EPSS
cve
cve
added 2015/07/14 10:0 p.m.79 views

CVE-2015-2367

CVE-2015-2367 affects Windows kernel-mode driver Win32k.sys across multiple Windows versions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, Windows RT 8.1). Root cause is an information-disclosure in uninitialized kernel memory via a crafted...

2.1CVSS5.3AI score0.03133EPSS
cve
cve
added 2015/08/15 12:0 a.m.79 views

CVE-2015-2465

CVE-2015-2465 affects the Windows shell and related components (Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, Windows 8/8.1, Windows Server 2012/2012 R2, Windows RT/RT 8.1, and Windows 10). The vulnerability arises from not properly constraining impersonation levels, enabling loca...

2.1CVSS6.4AI score0.02115EPSS
cve
cve
added 2016/01/13 2:0 a.m.79 views

CVE-2016-0014

CVE-2016-0014 is a DLL-loading Elevation of Privilege vulnerability affecting multiple Windows versions (Vista through Windows 10 thresholds) where improper DLL loading allows a local attacker to gain complete control via a crafted application. Root cause: mishandling of DLL loading. Affected com...

7.8CVSS7.6AI score0.02423EPSS
cve
cve
added 2016/01/13 2:0 a.m.79 views

CVE-2016-0016

CVE-2016-0016 is a Windows DLL loading vulnerability that enables local privilege escalation via a crafted application. Affected products include Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows 10, and Windows Server 2008/2012 families (as listed in the CVE entry). Root cause: mishandlin...

7.8CVSS7.8AI score0.31091EPSS
cve
cve
added 2013/04/09 10:0 p.m.78 views

CVE-2013-1294

The CVE-2013-1294 entry describes a kernel race-condition vulnerability in the Windows family (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) where improper handling of in-memory objects can be abused by a crafted local application to ...

7CVSS6.3AI score0.01064EPSS
cve
cve
added 2013/10/09 2:44 p.m.78 views

CVE-2013-3200

CVE-2013-3200 concerns a local-privilege-escalation in Windows USB handling. The vulnerability exists in kernel-mode USB drivers across multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT). A crafted USB devi...

7.2CVSS7.4AI score0.05441EPSS
cve
cve
added 2013/10/09 2:44 p.m.78 views

CVE-2013-3880

CVE-2013-3880 affects Windows 8, Windows Server 2012, and Windows RT. The App Container feature in kernel‑mode drivers may be bypassed by a Trojan horse, allowing a container to access sensitive information from another container. This aligns with the MS13‑081 set of Windows kernel‑mode driver vu...

3.5CVSS6.3AI score0.14107EPSS
cve
cve
added 2015/03/11 10:0 a.m.78 views

CVE-2015-0077

The CVE-2015-0077 issue affects Microsoft Windows kernel-mode drivers across multiple Windows families (Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012). The root cause is improper initialization of function buffers in kernel-mode drivers, enabling lo...

2.1CVSS5.6AI score0.02379EPSS
cve
cve
added 2015/03/11 10:0 a.m.78 views

CVE-2015-0090

CVE-2015-0090 is a registry-object vulnerability in the Windows ATMFD.DLL font driver. An off‑by‑one bug sanitizing registry indices allows a load/store between the transient array and Registry[3], enabling a read/write‑what‑where primitive. Attackers can spray kernel pools and copy controlled da...

9.3CVSS7.8AI score0.19835EPSS
cve
cve
added 2015/05/13 10:0 a.m.78 views

CVE-2015-1675

The connected CNVD entries corroborate CVE-2015-1675 family: Microsoft Windows Journal file handling vulnerabilities allow remote code execution via specially crafted Journal files (.jnt). Affected products/versions from the CVE scope include Windows Vista through Windows 8.1/Server editions, wit...

9.3CVSS7.8AI score0.14217EPSS
cve
cve
added 2015/05/13 10:0 a.m.78 views

CVE-2015-1677

Technical details about CVE-2015-1677 are not publicly available in the provided connected documents. Monitor for updates.

2.1CVSS5.9AI score0.03052EPSS
cve
cve
added 2015/06/10 1:0 a.m.78 views

CVE-2015-1721

CVE-2015-1721 is the Windows kernel-mode driver null-pointer dereference in Win32k.sys that can allow local privilege escalation or denial of service. Affected products span Windows Server 2003/2008/2012 families, Windows Vista/7/8/8.1, and Windows RT/Server variants (Win32k.sys). Root cause: NUL...

7.2CVSS6.5AI score0.03296EPSS
cve
cve
added 2015/06/10 1:0 a.m.78 views

CVE-2015-1726

CVE-2015-1726 is a local privilege-escalation use-after-free vulnerability in Windows kernel-mode drivers (the kernel brush object) affecting Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 (including R2) and RT 8.1. The underlying issu...

7.2CVSS6.5AI score0.03364EPSS
cve
cve
added 2015/06/10 1:0 a.m.78 views

CVE-2015-1727

CVE-2015-1727 is a local privilege-escalation vulnerability in Windows kernel-mode driver Win32k.sys (buffer overflow). A crafted/local attacker can gain SYSTEM privileges via the Win32k Pool Buffer Overflow vulnerability affecting multiple Windows versions (from Windows Server 2003 SP2/R2 SP2 to...

7.2CVSS6.8AI score0.03436EPSS
cve
cve
added 2015/07/14 10:0 p.m.78 views

CVE-2015-2364

CVE-2015-2364 concerns a privilege-escalation in the Windows Graphics Component caused by incorrect bitmap conversion. A local attacker can exploit this via a crafted application to gain elevated privileges. Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, Windows Serv...

7.2CVSS6.3AI score0.01674EPSS
cve
cve
added 2015/09/09 12:0 a.m.78 views

CVE-2015-2512

CVE-2015-2512 is a local privilege escalation in the Adobe Type Manager Library (Font Driver) on Windows. The vulnerability arises from improper handling of objects in memory within the Font Driver, allowing a crafted application to execute with elevated privileges (SYSTEM) on affected Windows ve...

7.2CVSS6.3AI score0.03794EPSS
cve
cve
added 2015/09/09 12:0 a.m.78 views

CVE-2015-2519

CVE-2015-2519 is a Windows Journal remote code execution vulnerability caused by an integer overflow when handling Journal (.jnt) files. Affected Windows versions span Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1, and Windows 10. The issue enables arbitrary ...

9.3CVSS7.8AI score0.14335EPSS
cve
cve
added 2015/11/11 11:0 a.m.78 views

CVE-2015-6102

CVE-2015-6102 describes a Windows kernel information-disclosure vulnerability that allows local users to bypass KASLR and discover a driver base address. Affected are Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 (Gold/R2), Windows RT 8.1, and Windows 10 (in...

2.1CVSS5.8AI score0.041EPSS
cve
cve
added 2013/03/13 12:0 a.m.77 views

CVE-2013-1285

CVE-2013-1285 concerns Windows USB descriptor handling vulnerabilities in several Windows OS versions (XP SP2/SP3; Server 2003 SP2; Vista SP2; Server 2008 SP2/R2/R2 SP1; Windows 7; Windows 8; Server 2012). The issue arises from improper handling of objects in memory by USB kernel‑mode drivers, en...

7.2CVSS7.2AI score0.01455EPSS
cve
cve
added 2013/03/13 12:0 a.m.77 views

CVE-2013-1286

Summary: CVE-2013-1286 is a Windows USB Descriptor Vulnerability. The exposed flaw lies in USB kernel-mode drivers on Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, and Server 2012, where objects in memory are not properly handled, allowing physicall...

7.2CVSS7.2AI score0.01455EPSS
cve
cve
added 2013/11/13 12:0 a.m.77 views

CVE-2013-3898

CVE-2013-3898 concerns a memory-address validity issue in Microsoft Hyper-V on Windows 8/Windows Server 2012. The vulnerability allows guest OS users to execute arbitrary code in all guest OS instances or to cause a denial-of-service by crashing the host, via a guest-to-host hypercall with a craf...

7.9CVSS7.5AI score0.01752EPSS
cve
cve
added 2014/02/26 11:0 a.m.77 views

CVE-2013-7332

Technical details about CVE-2013-7332 are not provided in the connected documents. The sources mention related XML entity expansion issues (e.g., CVE-2009-2473) but no vendor/product/version specifics for this CVE.

5CVSS6.8AI score0.13305EPSS
cve
cve
added 2014/05/14 10:0 a.m.77 views

CVE-2014-1807

The CVE-2014-1807 issue is a Windows Shell privilege-escalation vulnerability tied to the ShellExecute path/file-association handling in Windows Shell. A local attacker could exploit this by delivering a crafted application, taking advantage of improper file-association processing to execute code...

7.2CVSS6.4AI score0.01767EPSS
cve
cve
added 2014/11/11 10:0 p.m.77 views

CVE-2014-6317

CVE-2014-6317 is a denial-of-service vulnerability in Windows kernel-mode driver code (win32k.sys) caused by an array index error when loading TrueType font files. The issue affects multiple Windows client and server SKUs (e.g., Windows 7, 8/8.1, Vista, Windows Server 2003/2008/2012 and RT varian...

7.1CVSS6.5AI score0.18428EPSS
cve
cve
added 2015/02/11 2:0 a.m.77 views

CVE-2015-0062

CVE-2015-0062 is a local privilege escalation in multiple Windows platforms (Windows 7 SP1, Windows 8/8.1, Windows Server 2008 R2 SP1, Server 2012/2012 R2, etc.) caused by incorrect impersonation handling in a process that uses SeAssignPrimaryTokenPrivilege, allowing a crafted local attacker to g...

7.2CVSS6.5AI score0.0175EPSS
cve
cve
added 2015/06/10 1:0 a.m.77 views

CVE-2015-1723

CVE-2015-1723 is a local privilege-escalation in Windows kernel-mode drivers (use-after-free) affecting Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 (Gold/R2) and Windows RT 8.x. A crafted application can exploit the use-after-free i...

7.2CVSS6.5AI score0.03335EPSS
cve
cve
added 2013/04/09 10:0 p.m.76 views

CVE-2013-1283

CVE-2013-1283 affects Windows kernel-mode drivers, specifically Win32k.sys, with a local privilege-escalation due to race conditions from improper handling of memory objects. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Wind...

6.9CVSS6.4AI score0.01166EPSS
cve
cve
added 2014/02/12 2:0 a.m.76 views

CVE-2014-0254

The CVE-2014-0254 issue affects Microsoft Windows 8, Windows Server 2012, and Windows RT, where the IPv6 TCP/IP stack does not properly validate ICMPv6 Router Advertisement packets, allowing remote denial-of-service that can cause a system hang. Affected component: IPv6 implementation in Windows ...

7.8CVSS6.5AI score0.32685EPSS
cve
cve
added 2015/02/11 2:0 a.m.76 views

CVE-2015-0059

CVE-2015-0059 is the Windows kernel-mode TrueType font parsing remote code execution vulnerability (win32k.sys) exposed via crafted TTF files. Affects multiple Windows versions including Windows 7, Windows 8/8.1, Windows Server 2008 R2 SP1, Windows Server 2012, and Windows RT/8.1; root cause is i...

6.9CVSS6.9AI score0.11104EPSS
cve
cve
added 2015/03/11 10:0 a.m.76 views

CVE-2015-0078

CVE-2015-0078 is a local privilege-escalation vulnerability in Windows kernel-mode Win32k (win32k.sys) where token validation for calling threads is improper. Affects Windows 8, Windows 8.1, Windows Server 2012 (Gold/R2), Windows RT/RT 8.1. Root cause: token validation weakness in win32k.sys that...

7.2CVSS6.4AI score0.0168EPSS
cve
cve
added 2015/11/11 11:0 a.m.76 views

CVE-2015-6113

Mode C: CVE-2015-6113 is a Windows kernel security feature bypass where a local attacker could bypass filesystem permissions via FileLinkInformation hard-links in sandboxed processes. The root cause is that ZwSetInformationFile accepted a link operation with 0 desired access for the file handle, ...

2.1CVSS6.1AI score0.0204EPSS
Total number of security vulnerabilities254