Lucene search
+L
MicrosoftWindows 8

254 matches found

cve
cve
added 2013/02/13 11:0 a.m.75 views

CVE-2013-0075

CVE-2013-0075 is a remote DoS in the Windows TCP/IP stack: a crafted packet terminating a TCP connection can reboot affected hosts. Affected: Windows Vista SP2; Windows Server 2008 SP2/R2/R2 SP1; Windows 7 SP1/Gold; Windows 8; Windows Server 2012; Windows RT. Root cause: improper handling of a co...

7.8CVSS6.5AI score0.69936EPSS
cve
cve
added 2013/04/09 10:0 p.m.75 views

CVE-2013-1283

CVE-2013-1283 affects Windows kernel-mode drivers, specifically Win32k.sys, with a local privilege-escalation due to race conditions from improper handling of memory objects. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Wind...

6.9CVSS6.4AI score0.01166EPSS
cve
cve
added 2013/06/12 1:0 a.m.75 views

CVE-2013-1339

Summary (CVE-2013-1339): The Windows Print Spooler component has a memory management flaw during deletion of printer connections across affected Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT). This allows remote authenticated users to execu...

9CVSS7.2AI score0.23625EPSS
cve
cve
added 2015/05/13 10:0 a.m.75 views

CVE-2015-1696

Consolidated details from CNVD entries confirm CVE-2015-1696 concerns Microsoft Windows Journal file handling. The vulnerability arises when processing specially crafted Journal (.jnt) files, enabling a remote attacker to execute arbitrary code. Affected software scope includes Windows editions l...

9.3CVSS7.8AI score0.17767EPSS
cve
cve
added 2015/07/14 10:0 p.m.75 views

CVE-2015-2382

CVE-2015-2382 describes an information disclosure in Microsoft Windows where win32k.sys, the kernel-mode portion of Windows, can leak kernel memory contents to local users via a crafted application. Affected products include Windows 8, Windows 8.1, Windows Server 2012 (Gold and R2), and Windows R...

2.1CVSS5.2AI score0.02563EPSS
cve
cve
added 2013/04/09 10:0 p.m.74 views

CVE-2013-1284

CVE-2013-1284 is a Windows kernel local privilege escalation caused by a race condition in memory object handling. Affected: Windows 8, Windows Server 2012, and Windows RT (with related entries referencing other Windows versions in risk trackers). Impact cited: local user could gain higher privil...

4.9CVSS6.3AI score0.0153EPSS
cve
cve
added 2013/07/10 1:0 a.m.74 views

CVE-2013-1340

CVE-2013-1340 is a Windows kernel local privilege-escalation vulnerability in the Win32k.sys component (Win32k Dereference Vulnerability). The flaw occurs in memory object handling within the Win32k kernel-mode driver and affects multiple Windows platforms including XP SP2/SP3, Server 2003 SP2, V...

8.4CVSS6.4AI score0.01526EPSS
cve
cve
added 2013/09/11 10:0 a.m.74 views

CVE-2013-1341

CVE-2013-1341 affects the Windows kernel component win32k.sys (kernel-mode drivers) and allows local privilege escalation via a crafted application on several Windows families. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8. Root cause: ...

7.2CVSS6.4AI score0.01806EPSS
cve
cve
added 2015/05/13 10:0 a.m.74 views

CVE-2015-1679

Technical details about CVE-2015-1679 are not publicly provided in the supplied documents. Monitor for updates.

2.1CVSS5.9AI score0.03052EPSS
cve
cve
added 2015/05/13 10:0 a.m.74 views

CVE-2015-1699

Affected software: Microsoft Windows with Journal handling (Journal files, .jnt). The vulnerability allows remote code execution via a crafted Journal file, as described across CVE-2015-1699 and CNVD entries, with root cause in how Journal files are parsed. No exploitation details are provided in...

9.3CVSS7.8AI score0.14217EPSS
cve
cve
added 2015/06/10 1:0 a.m.74 views

CVE-2015-1720

CVE-2015-1720 is a local privilege-escalation vulnerability in Windows kernel-mode drivers caused by a use-after-free in kernel objects. A crafted application can exploit this to gain elevated privileges (kernel mode). Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, S...

7.2CVSS6.4AI score0.01906EPSS
cve
cve
added 2015/10/14 1:0 a.m.74 views

CVE-2015-2550

Summary: CVE-2015-2550 is a Windows kernel elevation-of-privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, RT, and Windows 10). The connected sources describe local privilege escalation via a crafted application i...

7.2CVSS6.4AI score0.0189EPSS
cve
cve
added 2018/02/28 10:0 p.m.74 views

CVE-2018-6947

CVE-2018-6947 is an uninitialised stack variable vulnerability in the nxfuse component of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier. It enables local, low-privilege users to gain elevation of privileges on Windows 7 (32/64-bit) and can cause a denial of service o...

7.8CVSS7.4AI score0.03148EPSS
cve
cve
added 2013/05/15 1:0 a.m.73 views

CVE-2013-1332

CVE-2013-1332 is a local privilege-escalation vulnerability in the DirectX Graphics Kernel Subsystem (dxgkrnl.sys) used by Windows. The issue arises from how objects in memory are handled by the kernel-mode driver, allowing a crafted local user to elevate privileges ("DirectX Graphics Kernel Subs...

7.2CVSS6.3AI score0.01878EPSS
cve
cve
added 2013/07/10 1:0 a.m.73 views

CVE-2013-3173

CVE-2013-3173 corresponds to the Win32k.sys kernel-mode driver buffer overflow vulnerability (Win32k Buffer Overwrite Vulnerability) that allows local privilege escalation on affected Windows versions. Documents reference Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP1, 7 SP1, ...

7.2CVSS6.7AI score0.01955EPSS
cve
cve
added 2013/10/09 2:44 p.m.73 views

CVE-2013-3879

Win32k Use After Free Vulnerability (CVE-2013-3879): a local privilege-escalation in the win32k.sys kernel-mode driver affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012, and RT. Root cause: use-after-free in memory object handling within the W...

7.2CVSS6.4AI score0.01806EPSS
cve
cve
added 2014/08/12 9:0 p.m.73 views

CVE-2014-4064

CVE-2014-4064 is a Windows kernel-information-disclosure vulnerability caused by improper use of the paged kernel pool to allocate uninitialized memory in kernel-mode drivers. A local attacker could exploit this to read kernel memory addresses on vulnerable Windows editions (Vista SP2, Server 200...

4.9CVSS5.5AI score0.02445EPSS
cve
cve
added 2015/05/13 10:0 a.m.73 views

CVE-2015-1702

CVE-2015-1702 affects the Service Control Manager (SCM) in multiple Windows client and server editions (e.g., Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8/8.1, 2012/2012 R2, RT/RT 8.1). The root cause is that SCM does not properly constrain impersonation levels, allowing a...

6.9CVSS6.5AI score0.01605EPSS
cve
cve
added 2015/02/11 2:0 a.m.72 views

CVE-2015-0060

CVE-2015-0060 is a Windows kernel-mode font handling vulnerability affecting the font mapper in win32k.sys across multiple Windows versions (Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, 7, 8, 8.1, Server 2012/2012 R2, RT). The root cause is improper font scaling in the font mapper, which allow...

4.7CVSS6AI score0.03807EPSS
cve
cve
added 2018/02/26 8:0 p.m.72 views

CVE-2018-7250

CVE-2018-7250 affects secdrv.sys in Microsoft Windows Vista/7/8/8.1 (before KB3086255) and Macrovision SafeDisc. The issue is an uninitialized kernel pool allocation in IOCTL 0xCA002813 that allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. Impact is inf...

5.5CVSS5.5AI score0.0298EPSS
cve
cve
added 2013/09/11 10:0 a.m.71 views

CVE-2013-1344

CVE-2013-1344 affects win32k.sys in multiple Windows kernel-mode drivers. A memory handling flaw in Win32k allows local privilege escalation via a crafted application on affected OSes (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows R...

7.2CVSS6.2AI score0.01654EPSS
cve
cve
added 2015/03/11 10:0 a.m.71 views

CVE-2015-0074

CVE-2015-0074 is tied to the Adobe Font Driver in Windows (ATMFD.DLL) and related font engines. The vulnerability arises from improper memory allocation in the driver, enabling remote denial-of-service via crafted fonts loaded from a website or file. Connected sources (MS15-021 and related adviso...

4.3CVSS6.4AI score0.14617EPSS
cve
cve
added 2015/07/14 10:0 p.m.71 views

CVE-2015-2416

CVE-2015-2416 is a Windows OLE privilege-elevation vulnerability affecting multiple editions (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012). The root cause, as cited across connected sources, is an input-validation flaw in OLE that allows remote at...

5CVSS6.9AI score0.10164EPSS
cve
cve
added 2015/07/14 10:0 p.m.71 views

CVE-2015-2417

CVE-2015-2417 describes an OLE-based elevation-of-privilege vulnerability in multiple Windows platforms (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT Gold/8.1). The root cause is an input validation flaw in OLE t...

5CVSS6.9AI score0.10164EPSS
cve
cve
added 2013/05/15 1:0 a.m.70 views

CVE-2013-1334

CVE-2013-1334 concerns a local privilege-escalation in Windows via the Win32k.sys kernel-mode driver. The exposed issue is that Win32k window/object handling can be abused to gain kernel-level privileges through a crafted application, enabling arbitrary code execution with high impact. Affected p...

7.2CVSS6.4AI score0.01737EPSS
cve
cve
added 2013/12/11 12:0 a.m.70 views

CVE-2013-3903

CVE-2013-3903 is a local-privilege/DoS issue in Windows kernel‑mode: an array index error in win32k.sys allows a crafted TrueType font to reboot the system on Windows 8, Windows Server 2012 (Gold/R2), Windows RT, and Windows 8.1. The vulnerability stems from the font parsing pathway in the TrueTy...

4.7CVSS6.1AI score0.02003EPSS
cve
cve
added 2015/02/11 2:0 a.m.70 views

CVE-2015-0061

CVE-2015-0061 corresponds to a TIFF parsing information-disclosure vulnerability in Microsoft Windows graphics components. The issue arises from improper initialization of memory when processing TIFF images, allowing a remote attacker to extract sensitive information from process memory. Affected...

4.3CVSS5.9AI score0.18865EPSS
cve
cve
added 2015/03/11 10:0 a.m.70 views

CVE-2015-0093

CVE-2015-0093 (BLEND vulnerability) is described in Google Project Zero material as a shared-charstring flaw that enables arbitrary PostScript operations with fully reliable control, affecting both the Adobe Reader/ CoolType path and the Windows ATMFD.DLL kernel driver. The root cause is a negati...

9.3CVSS9.3AI score0.20827EPSS
cve
cve
added 2013/10/09 2:44 p.m.69 views

CVE-2013-3894

CVE-2013-3894 affects Windows kernel-mode drivers and is triggered by a crafted CMAP table in a TrueType font, enabling remote code execution. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT. Impact per sources: r...

9.3CVSS7.5AI score0.43101EPSS
cve
cve
added 2014/07/08 10:0 p.m.69 views

CVE-2014-2780

CVE-2014-2780 corresponds to a DirectShow elevation-of-privilege vulnerability in Microsoft Windows (affecting Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8, 8.1, and Server 2012). The root cause is an input-validation flaw in DirectShow when processing unserialized Stretch objects, enabling lo...

6.9CVSS6.7AI score0.01768EPSS
cve
cve
added 2015/03/11 10:0 a.m.68 views

CVE-2015-0091

CVE-2015-0091 corresponds to a buffer overflow in the Adobe Font Driver (ATMFD.DLL) within Windows’ font rendering stack. The connected materials describe it as a “buffer overflow in a constant-sized allocation” related to font processing, part of a set of ATMFD vulnerabilities (alongside CVE-201...

9.3CVSS7.8AI score0.19835EPSS
cve
cve
added 2015/05/13 10:0 a.m.68 views

CVE-2015-1681

CVE-2015-1681 affects multiple Windows versions (Vista SP2, 2008 SP2/R2 SP1, 7 SP1, 8/8.1, 2012 Gold/R2, RT/8.1) and is triggered by handling a crafted .msc file in Microsoft Management Console File Format. The underlying issue is a vulnerability in the MMC icon/destination-buffer handling that c...

1.9CVSS6.1AI score0.01685EPSS
cve
cve
added 2015/05/13 10:0 a.m.68 views

CVE-2015-1695

CVE-2015-1695 concerns Windows Journal Remote Code Execution via crafted Journal files. Connected CNVD records describe vulnerability in Windows Journal handling of Journal (.jnt) files that allows remote attackers to craft files parsed by a user to execute arbitrary code, aligning with the CVE f...

9.3CVSS7.8AI score0.14217EPSS
cve
cve
added 2013/09/11 10:0 a.m.67 views

CVE-2013-1342

Technical details for CVE-2013-1342 are not publicly available in the provided Connected documents. The initial description contains general vulnerability information only. Monitor for updates from official advisories and vendor advisories to obtain affected products, impact, and remediation spec...

7.8CVSS6.2AI score0.01191EPSS
cve
cve
added 2013/06/12 1:0 a.m.67 views

CVE-2013-3136

CVE-2013-3136 describes a local information-disclosure vulnerability in the Windows kernel on 32-bit Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, and Windows 8. The issue stems from how the kernel handles unspecified page-fault system calls, allowing a crafted local...

4.4CVSS5.3AI score0.01526EPSS
cve
cve
added 2013/09/11 10:0 a.m.67 views

CVE-2013-3866

CVE-2013-3866 is a Windows kernel‑mode driver privilege escalation in Win32k.sys affecting multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8, Server 2012, Windows RT). The root cause is a crafted application that allows local users to gain...

7.2CVSS6.5AI score0.01806EPSS
cve
cve
added 2015/03/11 10:0 a.m.67 views

CVE-2015-0079

Microsoft Windows Remote Desktop Protocol (RDP) Denial of Service (CVE-2015-0079) affects Windows 7 SP1, Windows 8/8.1, and Windows Server 2012/2012 R2. The root cause is failure to properly free memory when multiple RDP sessions are established, allowing remote, unauthenticated attackers to exha...

7.8CVSS6.6AI score0.16163EPSS
cve
cve
added 2015/06/10 1:0 a.m.67 views

CVE-2015-1719

CVE-2015-1719 is a local information-disclosure vulnerability in Microsoft Windows kernel-mode drivers across multiple OS versions (Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012, RT/RT 8.1). The root issue is information being readable from k...

2.1CVSS5.4AI score0.02573EPSS
cve
cve
added 2013/08/14 10:0 a.m.66 views

CVE-2013-3196

The CVE-2013-3198 entry concerns the NTVDM kernel component in 32‑bit Windows platforms (XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8). The vulnerability arises from improper validation of kernel‑memory addresses in NTVDM, enabling local users to gain privileges o...

7.2CVSS6.2AI score0.02079EPSS
cve
cve
added 2015/03/11 10:0 a.m.66 views

CVE-2015-0095

CVE-2015-0095 affects Microsoft Windows kernel-mode drivers across multiple OS versions (e.g., Windows Server 2003 SP2, Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows Server 2012). Root cause: a kernel-mode driver vulnerability enabling local attackers to cause a denial-of-service via N...

5.6CVSS6.2AI score0.02662EPSS
cve
cve
added 2015/05/13 10:0 a.m.66 views

CVE-2015-1678

Technical details about CVE-2015-1678 are not provided in the connected documents. The initial entry notes a kernel memory disclosure via Win32k.sys, but lacks specific vulnerable components, affected products, or fixes in the supplied sources. Monitor for updates.

2.1CVSS5.9AI score0.03052EPSS
cve
cve
added 2015/05/13 10:0 a.m.66 views

CVE-2015-1698

CVE-2015-1698 affects Windows platforms (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012 Gold/R2, RT Gold/8.1). The vulnerability arises from handling of specially crafted Journal (.journal/.jnt) files, allowing remote code execution when parsed by an application. Connected CNVD ...

9.3CVSS7.8AI score0.17767EPSS
cve
cve
added 2013/09/11 10:0 a.m.65 views

CVE-2013-3865

Win32k Multiple Fetch Vulnerability (CVE-2013-3865) affects multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012, Windows RT). It allows local privilege escalation through a crafted application affecting win32k.sys in kernel-mode drivers...

7.2CVSS6.2AI score0.01654EPSS
cve
cve
added 2013/11/13 12:0 a.m.64 views

CVE-2013-3887

CVE-2013-3887 describes a local information-disclosure flaw in the Ancillary Function Driver (afd.sys) across multiple Windows kernels (XP SP2, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012). The root cause is improper copy operations in afd.sys that allow a local atta...

4.9CVSS5.4AI score0.0272EPSS
cve
cve
added 2015/03/11 10:0 a.m.64 views

CVE-2015-0084

CVE-2015-0084 affects Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8/8.1, Windows Server 2012 (Gold/R2) and Windows RT (Gold/8.1). The Task Scheduler fails to properly constrain impersonation levels, enabling local privilege escalation by launching executables via a crafted task. Public exp...

2.1CVSS6.1AI score0.01723EPSS
cve
cve
added 2015/03/11 10:0 a.m.64 views

CVE-2015-0089

Memory-disclosure under CVE-2015-0089 exists in the DLLs/libraries used for PostScript/OpenType font handling (ATMFD.DLL in Windows kernel, Adobe Reader CoolType, DirectWrite, and WPF). The root cause is uninitialized transient memory (32 dwords) read by Charstring interpreters, enabling leakage ...

5CVSS5.7AI score0.2121EPSS
cve
cve
added 2018/02/26 8:0 p.m.64 views

CVE-2018-7249

CVE-2018-7249 is a kernel-use-after-free in the secdrv.sys driver used by Microsoft Windows Vista/7/8/8.1 (pre-KB3086255) and Macrovision SafeDisc. Two carefully timed IOCTL 0xCA002813 calls can race to free a kernel object, enabling an unprivileged user to execute arbitrary code in the kernel. P...

7CVSS6.9AI score0.01496EPSS
cve
cve
added 2013/04/09 10:0 p.m.63 views

CVE-2013-1291

CVE-2013-1291 refers to a local-denial-of-service vulnerability in Windows OpenType font parsing via win32k.sys. Exploitation requires local access and a crafted OpenType font can crash/restart the system. Affected OS versions include Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, W...

7.1CVSS6.1AI score0.04625EPSS
cve
cve
added 2013/09/11 10:0 a.m.63 views

CVE-2013-1343

Technical details for CVE-2013-1343 are not publicly available in the provided documents; affected components, impact, and remediation are not specified here. Monitor for updates from NVD and EUVD sources.

7.2CVSS6.2AI score0.01654EPSS
cve
cve
added 2013/03/13 12:0 a.m.63 views

CVE-2013-2558

Technical details about CVE-2013-2558 are not publicly provided in the supplied documents; no concrete affected products/versions/fixes are specified here. Monitor for updates.

10CVSS7.3AI score0.14384EPSS
Total number of security vulnerabilities254