3407 matches found
CVE-2015-2426
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a cra...
CVE-2017-0022
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for fi...
CVE-2016-3298
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerabilit...
CVE-2015-2360
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial o...
CVE-2014-4077
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanes...
CVE-2022-37969
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-21298
Windows OLE Remote Code Execution Vulnerability
CVE-2022-41128
Windows Scripting Languages Remote Code Execution Vulnerability
CVE-2022-41033
Windows COM+ Event System Service Elevation of Privilege Vulnerability
CVE-2023-21823
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2019-1388
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
CVE-2011-3416
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
CVE-2024-38124
Windows Netlogon Elevation of Privilege Vulnerability
CVE-2022-41073
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-29336
Win32k Elevation of Privilege Vulnerability
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...
CVE-2023-36563
Microsoft WordPad Information Disclosure Vulnerability
CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability
CVE-2023-36805
Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-38142
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-38160
Windows TCP/IP Information Disclosure Vulnerability
CVE-2023-23376
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36434
Windows IIS Server Elevation of Privilege Vulnerability
CVE-2009-3103
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Proc...
CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation hav...
CVE-2022-26809
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2024-43572
Microsoft Management Console Remote Code Execution Vulnerability
CVE-2023-36584
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2023-24932
Secure Boot Security Feature Bypass Vulnerability
CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an a...
CVE-2022-29130
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2022-30209
Windows IIS Server Elevation of Privilege Vulnerability
CVE-2023-36874
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-23415
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
CVE-2025-29824
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2008-4250
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by...
CVE-2020-24588
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802...
CVE-2023-38144
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2018-0886
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execu...
CVE-2023-36801
DHCP Server Service Information Disclosure Vulnerability
CVE-2024-38203
Windows Package Library Manager Information Disclosure Vulnerability
CVE-2023-32046
Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state ...
CVE-2023-38161
Windows GDI Elevation of Privilege Vulnerability
CVE-2022-37967
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2023-36025
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-38149
Windows TCP/IP Denial of Service Vulnerability
CVE-2016-0165
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vu...
CVE-2023-28229
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2024-38077
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability