Lucene search
K

245 matches found

CVE
CVE
added 2022/03/09 5:7 p.m.376 views

CVE-2022-24503

CVE-2022-24503 is a Remote Desktop Protocol Client Information Disclosure vulnerability. Connected sources indicate it affects Windows Remote Desktop Client and can be triggered over the network with no authentication and no user interaction, exposing partial confidentiality (C:L). The issue is t...

5.4CVSS6.6AI score0.02269EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.354 views

CVE-2022-38028

CVE-2022-38028 is a Windows Print Spooler privilege-escalation vulnerability. It arises from improper privilege assignment in the Print Spooler service, enabling a local attacker with low privileges and no user interaction to escalate to SYSTEM. Public exploits have been observed; CISA/KEV and MS...

7.8CVSS8.3AI score0.14949EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.352 views

CVE-2017-0055

CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...

6.1CVSS5.4AI score0.16369EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.351 views

CVE-2017-8628

CVE-2017-8628 concerns a spoofing vulnerability in Microsoft’s Bluetooth driver stack for Windows platforms. The flaw allows an attacker within physical proximity and with Bluetooth enabled to initiate a Bluetooth connection and perform a man-in-the-middle attack, potentially forcing traffic thro...

6.8CVSS7AI score0.02307EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.338 views

CVE-2020-1269

Technical details for CVE-2020-1269 are not provided in the supplied documents. Monitor for updates from official sources.

7.8CVSS7.7AI score0.00946EPSS
In wild
CVE
CVE
added 2020/01/14 11:11 p.m.287 views

CVE-2020-0611

CVE-2020-0611 is a remote code execution vulnerability in the Windows Remote Desktop Client. Connected documents confirm the flaw affects the RDP client when a user connects to a malicious server, enabling arbitrary code execution on the client. The Microsoft blogs and advisories describe pre-aut...

7.5CVSS8.8AI score0.0808EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.269 views

CVE-2017-0214

CVE-2017-0213 is a Windows Privilege Escalation flaw in the COM Aggregate Marshaler. Reports confirm it enables local elevation of privilege when a specially crafted app is run, affecting Windows client and server SKUs listed in the CVE description. Several connected sources document exploitation...

7CVSS5.9AI score0.03457EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.260 views

CVE-2016-3308

Technical details for CVE-2016-3308 are not publicly available in the provided documents; monitor for updates.

7.8CVSS7.5AI score0.06418EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.260 views

CVE-2017-0025

Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.

7.8CVSS6.2AI score0.01835EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.257 views

CVE-2020-1262

Technical details for CVE-2020-1262 are not publicly available in the provided documents. Monitor for updates from official advisories.

7.8CVSS7.7AI score0.00856EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.254 views

CVE-2017-0047

Technical details about CVE-2017-0047 are not provided in the connected documents. Public information in the Initial Description is limited to an overview; monitor for updates.

7.8CVSS6.2AI score0.01858EPSS
In wild
CVE
CVE
added 2017/07/11 9:0 p.m.245 views

CVE-2017-8563

CVE-2017-8563 is an elevation-of-privilege vulnerability in Windows where Kerberos can fall back to NTLM as the default authentication protocol. The issue is exposed via LDAP/NTLM negotiation and can enable domain‑level credential abuse if NTLM relay occurs. Public documentation notes that follow...

8.1CVSS7.1AI score0.07176EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.231 views

CVE-2016-3311

CVE-2016-3311 is a Windows kernel-mode driver elevation of privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, Server 2012, Windows RT 8.1, and Windows 10 variants). The issue arises in Win32k kernel components where a crafted applicatio...

7.8CVSS7.5AI score0.01528EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.221 views

CVE-2016-3310

CVE-2016-3310 is a Win32k Elevation of Privilege vulnerability affecting multiple Windows versions. The issue arises in kernel‑mode drivers where improper handling of memory objects enables a local user to execute code with SYSTEM privileges via a crafted application. This is a local, non‑authent...

7.8CVSS7.5AI score0.02628EPSS
In wild
CVE
CVE
added 2017/07/11 9:0 p.m.201 views

CVE-2017-8582

CVE-2017-8582 affects the HTTP.sys server component in multiple Windows editions. The vulnerability arises from the component’s improper handling of in-memory objects, enabling a remote, unauthenticated attacker to obtain information and potentially facilitate further compromise. The impact is an...

5.9CVSS5.7AI score0.08294EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.192 views

CVE-2017-0174

CVE-2017-0174 is a Windows NetBIOS Denial of Service vulnerability. Exploitation involves sending malformed NetBIOS packets to affected Windows versions (Windows 7/8.1/10, Windows Server 2008-2016 and related). The underlying cause is improper handling within the Windows NetBIOS/network stack, al...

6.5CVSS6.9AI score0.0258EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.192 views

CVE-2017-0272

CVE-2017-0272 affects the Microsoft Windows SMBv1 server on Windows clients/servers (Windows 7/8.1, Windows Server 2008 SP2/R2 SP1, 2012, 2016, 10 versions etc.). Root cause: the SMBv1 server mishandles certain requests, enabling remote code execution by a remote attacker. Impact is high (remote ...

9.3CVSS7.7AI score0.17121EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.187 views

CVE-2016-0051

CVE-2016-0051 is a local privilege-escalation vulnerability in the Windows WebDAV client. The issue stems from the WebDAV client’s handling of crafted input, allowing a local attacker to gain SYSTEM-level privileges on affected Vista/7/8.1/2012/RT/10 variants with the WebDAV component (WebDAV cli...

7.8CVSS7.5AI score0.23383EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.185 views

CVE-2018-0746

CVE-2018-0746 is a Windows kernel local information disclosure vulnerability affecting Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 versions (Gold, 1511, 1607, 1703, 1709), Windows Server 2016 and Windows Server 1709. The root cause is described as improper handling of memory addre...

4.7CVSS4.6AI score0.04075EPSS
CVE
CVE
added 2022/03/09 5:7 p.m.178 views

CVE-2022-24502

Technical details about CVE-2022-24502 are not provided in the supplied documents. The provided materials do not include affected products/versions/root cause/fix information. Monitor for updates.

6.5CVSS6.1AI score0.33063EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.175 views

CVE-2018-0744

CVE-2018-0744 is a Windows kernel elevation-of-privilege vulnerability affecting Windows 8.1/RT 8.1, Windows Server 2012/R2, Windows 10 (various builds up to 1709), and Windows Server 2016/1709. The issue arises from how the kernel handles objects in memory, enabling local privilege escalation. E...

7CVSS5.5AI score0.15023EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.165 views

CVE-2018-0742

Technical details (affected product/versions/root cause/fix) are not publicly available in the provided documents. Monitor for updates from trusted sources.

7.8CVSS5.5AI score0.01266EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.163 views

CVE-2018-0747

Technical details for CVE-2018-0747 are not publicly provided in the supplied documents; no concrete affected products, root cause, or patch information are present. Monitor for updates.

4.7CVSS4.6AI score0.0208EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.156 views

CVE-2017-0016

CVE-2017-0016 affects multiple Windows versions (Windows 10, 8.1, RT 8.1, Server 2012R2/2016) where SMBv2/v3 packet handling in the Server service is flawed, enabling a remote attacker to potentially cause a crash or execute arbitrary code via a crafted SMB request. The issue is tied to SMBv2/SMB...

7.1CVSS6.3AI score0.2373EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.156 views

CVE-2017-0277

CVE-2017-0277 describes a remote code execution vulnerability in the Microsoft Windows SMBv1 server. The SMBv1 service on affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Windows 10 1511/1607/1703, Windows Server 2...

7CVSS7.7AI score0.1085EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.154 views

CVE-2020-0608

CVE-2020-0608 is an information disclosure vulnerability affecting the Win32k component where kernel information is improperly disclosed. The root cause is in win32k exposing kernel data, leading to potential information disclosure with local access and no user interaction required. The CVSS metr...

5.5CVSS6.4AI score0.01307EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.153 views

CVE-2016-7212

CVE-2016-7212 affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, 10 up to 1607, and Server 2016) where a crafted image file can lead to remote code execution. Root cause: improper handling in the Windows image load feature. Impact is remote cod...

9.3CVSS8AI score0.69829EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.151 views

CVE-2017-0158

CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...

7.6CVSS7.5AI score0.12558EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.151 views

CVE-2017-11780

CVE-2017-11780 is a remote code execution vulnerability in the Microsoft Windows Server Message Block 1.0 (SMBv1) server. The issue occurs when SMBv1 fails to handle certain requests, allowing an unauthenticated attacker to execute code on the target server over the network. Affected products inc...

7CVSS8.4AI score0.09961EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.151 views

CVE-2018-0751

CVE-2018-0751 is a Windows Kernel API elevation-of-privilege vulnerability affecting Windows family (kernel API permission handling). The connected records reference the CVE as a Windows kernel issue and show related exploitation listings (e.g., exploit-db entries linked in CIRCL). No explicit pr...

7.1CVSS5.7AI score0.0276EPSS
CVE
CVE
added 2023/05/31 6:7 p.m.149 views

CVE-2022-35744

Technical details (affected product, root cause, impact, or fixes) are not provided in the supplied documents. Monitor for updates from official CVE sources; no specifics about exploitation, vectors, or mitigations are included here.

9.8CVSS9.6AI score0.01979EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.148 views

CVE-2017-0161

CVE-2017-0161 is a Windows NetBT Session Services vulnerability described as a race condition when NetBT fails to maintain certain sequencing requirements, enabling a remote code execution in affected Windows releases. The CVE is present in Windows 7/8.1/10 and server SKUs listed in the initial d...

8.1CVSS7.7AI score0.11229EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.147 views

CVE-2020-0639

CVE-2020-0639 is a Windows Common Log File System (CLFS) Driver Information Disclosure vulnerability. Connected CNVD entries describe a flaw where memory objects are mishandled, allowing an authenticated attacker who logs on and runs a crafted application to read data from memory. The CVSSv3 base...

5.5CVSS6.6AI score0.01307EPSS
CVE
CVE
added 2017/02/20 4:0 p.m.145 views

CVE-2017-0038

The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...

5.5CVSS4.7AI score0.821EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.144 views

CVE-2017-8565

CVE-2017-8565 is a Windows PowerShell remote code execution vulnerability triggered when PSObject wraps a CIM Instance. Connected sources describe in detail that deserialization via PSObject, LosFormatter, ObjectStateFormatter (and related gadget chains) can enable remote code execution in PowerS...

9.3CVSS7.3AI score0.17522EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.141 views

CVE-2017-0211

CVE-2017-0211 is a Windows OLE/COM elevation-of-privilege issue where a Structured Storage object can be exposed across a security boundary via a property bag, enabling creation of a remote COM object in the server process and potential privilege escalation. Google Project Zero details show how I...

5.5CVSS6.4AI score0.13975EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.140 views

CVE-2018-8271

CVE-2018-8271 is an information-disclosure vulnerability in Windows where the bowser.sys kernel‑mode driver mishandles objects in memory. Affected products include Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Window...

5.5CVSS5.7AI score0.02782EPSS
CVE
CVE
added 2023/05/31 6:7 p.m.139 views

CVE-2022-35756

Technical details about CVE-2022-35756 (affected products, root cause, impact, fix) are not provided in the connected documents. Monitor for official disclosures and updates from Microsoft and CVE listings.

7.8CVSS8.6AI score0.11306EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.138 views

CVE-2016-0026

Technical details about CVE-2016-0026 are not publicly provided in the supplied documents; no specific affected products or fixes are described. Monitor for updates.

9.3CVSS7.5AI score0.06767EPSS
CVE
CVE
added 2018/01/04 2:0 p.m.137 views

CVE-2018-0753

CVE-2018-0753 describes a denial-of-service vulnerability in Windows IPSec where the system may stop responding due to how objects are handled in memory. Affected products explicitly include Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 versions 1511/1607/1703/1709, Windows Server 2...

7.1CVSS5.4AI score0.09024EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.133 views

CVE-2018-0825

CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...

7.6CVSS7.3AI score0.16778EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.132 views

CVE-2016-7237

CVE-2016-7237 affects Local Security Authority Subsystem Service (LSASS) in Windows between Vista SP2 and Windows Server 2016. The vulnerability allows remote authenticated users to cause a denial of service (system hang) by sending a crafted request, via the LSASS handling path (notably connecte...

6.8CVSS6.2AI score0.64817EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.132 views

CVE-2018-8136

CVE-2018-8136 is described as a remote code execution vulnerability in how Windows handles objects in memory, affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers. The con...

9.3CVSS8.4AI score0.21882EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.131 views

CVE-2016-3301

CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...

9.3CVSS7.8AI score0.44492EPSS
CVE
CVE
added 2017/12/12 9:0 p.m.131 views

CVE-2017-11927

Technical details about CVE-2017-11927 are not publicly available in the provided connected documents. Monitor for updates; include affected products/versions and remediation when disclosures become available.

6.5CVSS6.9AI score0.09617EPSS
CVE
CVE
added 2020/01/14 11:11 p.m.131 views

CVE-2020-0643

The CVE-2020-0643 entry concerns a information-disclosure vulnerability in Windows GDI+ where memory objects are mishandled. Connected CNVD-2020-04849 describes a Microsoft Windows Graphics Device Interface Plus information disclosure vulnerability with the same affected component; it states that...

5.5CVSS6.5AI score0.01307EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.130 views

CVE-2017-0062

CVE-2017-0062 affects the Graphics Device Interface (GDI) in multiple Windows versions (Vista SP2 through Windows 10/1607). It enables local attackers to disclose sensitive process-memory information via a crafted web site; impact is information disclosure. Connected CIRCL entries indicate the vu...

4.7CVSS4.3AI score0.17832EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.130 views

CVE-2017-8676

CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...

3.3CVSS4.9AI score0.1404EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.129 views

CVE-2016-0042

CVE-2016-0042 corresponds to a Windows DLL loading Remote Code Execution vulnerability. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10 (including 1511). The flaw arises from mishandling D...

7.8CVSS7.8AI score0.05651EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.129 views

CVE-2016-3223

CVE-2016-3223 relates to a Group Policy Elevation of Privilege vulnerability in Windows where LDAP authentication is mishandled, enabling a MiTM attacker to modify domain controller–to–client Group Policy update data and potentially escalate privileges. The issue affects multiple Windows editions...

9.3CVSS7.9AI score0.21091EPSS
Total number of security vulnerabilities245