147 matches found
CVE-2024-38063
CVE-2024-38063 is a Windows IPv6/tcpip.sys vulnerability involving improper handling of IPv6 extension headers and fragmentation. Technical material in connected docs shows an integer underflow in the IPv6 fragment reassembly path (Ipv6pReassemblyTimeout) and a risky code path where IppSendErrorL...
CVE-2020-17049
CVE-2020-17049 is a Kerberos KDC service-ticket delegation bypass in IBM Application Gateway, enabling a compromised service using Kerberos Constrained Delegation to tamper with service tickets and force KDC acceptance. The vulnerability affects IBM Application Gateway versions 19.12–24.06. IBM’s...
CVE-2024-38193
CVE-2024-38193 concerns the Windows Ancillary Function Driver for WinSock (AFD) used by Winsock. The vulnerability is a local privilege-escalation issue in the AFD/WinSock stack, with a resource-management error cited by CNNVD and a privilege-escalation capability described by CISA KEV. Public ex...
CVE-2024-38213
CVE-2024-38213 is a Windows Mark of the Web (MoTW) security feature bypass vulnerability. Affected software involves Windows MoTW handling; the flaw allows downloaded web-origin files to bypass warnings/ protections, enabling potentially malicious content to execute. Exploitation information in c...
CVE-2018-8166
The CVE-2018-8166 entry is supported by connected documents describing a Win32k privilege-escalation vulnerability in Windows where the Win32k component mishandles objects in memory, allowing local kernel-mode code execution if exploited. Affected products span multiple Windows versions (e.g., Wi...
CVE-2020-17051
Technical details for CVE-2020-17051 are not provided in the supplied documents. Public details (affected product/version, exploitability, or fixes) are not included here; monitor for updates in the connected sources.
CVE-2018-8164
CVE-2018-8164 is a Win32k privilege-escalation vulnerability in Windows where the Win32k component fails to properly handle objects in memory. Affected are multiple Windows releases (server and client SKUs listed in the CVE entry). The connected documents corroborate a kernel-mode elevation of pr...
CVE-2024-30073
CVE-2024-30073 is a Windows Security Zone Mapping security feature bypass vulnerability. The public records show a CVSS v3.1 base score of 7.8 (High) with Local attack vector, low attack complexity, no privileges required, but user interaction required, and impact to confidentiality, integrity, a...
CVE-2024-38118
Technical details (affected component, root cause, exploit info, patch status) for CVE-2024-38118 are not provided in the connected documents. The initial description notes LSA server information disclosure but lacks concrete specifics; monitor for updates.
CVE-2024-38107
CVE-2024-38107 is a Windows Privilege Escalation vulnerability in the Power Dependency Coordinator. Affected component: Windows Power Dependency Coordinator. Impact: local attacker with low privileges can obtain SYSTEM privileges (vector: local, no user interaction). Root cause details are not pr...
CVE-2024-21358
Technical details about CVE-2024-21358 (Microsoft WDAC OLE DB provider for SQL Server remote code execution) are not provided in the supplied documents. Monitor for official updates from Microsoft and trusted security advisories for affected products, mitigations, and fixes.
CVE-2024-26174
CVE-2024-26174 is a Windows Kernel Information Disclosure Vulnerability. The connected sources specify the issue as an out-of-bounds read of key node security in CmpValidateHiveSecurityDescriptors when loading corrupted registry hives, enabling potential leakage of kernel/registry data. Affected ...
CVE-2024-21406
Technical details about CVE-2024-21406 are not publicly provided in the supplied documents. No affected product/version/impact specifics are given beyond the generic description. Monitor for updates from official advisories.
CVE-2024-38153
CVE-2024-38153 is a Windows Kernel elevation-of-privilege vulnerability. The CVSSv3.1 base score is 7.8 (High) with Local attack vector, Low attack complexity, Privileges Required: Low, User Interaction: None, and impact on Confidentiality, Integrity, and Availability: High. The vulnerability aff...
CVE-2017-0174
CVE-2017-0174 is a Windows NetBIOS Denial of Service vulnerability. Exploitation involves sending malformed NetBIOS packets to affected Windows versions (Windows 7/8.1/10, Windows Server 2008-2016 and related). The underlying cause is improper handling within the Windows NetBIOS/network stack, al...
CVE-2024-29995
CVE-2024-29995 is a Windows Kerberos Elevation of Privilege vulnerability. The connected data shows it affects the Windows Kerberos component and is rated with CVSSv3.1 base score 8.1 (vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating network-prone access with high impact and no user inter...
CVE-2020-17042
CVE-2020-17042 is a Windows Print Spooler remote code execution vulnerability. The CVE entry identifies the affected component as the Windows Print Spooler and indicates a network-based attack with high impact (base score 8.8/3.1 CVSS) and user interaction required. The connected documents provid...
CVE-2024-38199
Technical details about CVE-2024-38199 are not publicly provided in the connected documents. Monitor for updates from Microsoft and NVD for affected products, fixes, and exploit information.
CVE-2024-37968
CVE-2024-37968 is a Windows DNS Spoofing vulnerability rated High (CVSS 7.5) with network attack vector and impact on confidentiality. The connected documents confirm this CVE affects Windows DNS and that Microsoft released fixes in the August 2024 updates (examples: KB5041578, KB5041160, KB50418...
CVE-2024-38144
CVE-2024-38144 is a local elevation-of-privilege vulnerability in the Windows Kernel Streaming WOW Thunk Service Driver. The connected sources state a local attacker could obtain SYSTEM privileges and that exploit code appeared in the TyphoonPWN 2024 event, with a write‑up from SSD Secure Disclos...
CVE-2024-38131
Technical details about CVE-2024-38131 are not publicly provided in the connected documents. The available material lacks product/version/root-cause/remediation specifics. Monitor official advisories/updates for concrete information.
CVE-2017-0158
CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...
CVE-2024-38140
CVE-2024-38140 is a Windows RMCAST (Reliable Multicast Transport Driver) remote code execution vulnerability rated CRITICAL (CVSS 3.1: 9.8). The entry indicates an in-network attacker could remotely execute arbitrary code, with no privileges required and no user interaction, under the RMCAST comp...
CVE-2018-0842
CVE-2018-0842 : Windows kernel elevation-of-privilege vulnerability affecting multiple Windows client and server editions (Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2/R2 SP1, 2012/R2, 2016, 1703–1709 and 1709 variants, Windows 10 releases). The issue arises from how memory objects ...
CVE-2024-38152
CVE-2024-38152 is listed under Windows WDAC OLE DB provider for SQL with a CVSS and impact of 7.80 (Execute Random Code). The connected documents confirm the affected component and the vulnerability’s label, but do not provide concrete details on root cause, affected versions, exploit scenarios, ...
CVE-2024-38196
CVE-2024-38196 is tied to the Windows Common Log File System Driver and is described as an Elevation of Privilege (local) vulnerability. The CVE is listed with a CVSSv3.1 base score of 7.8 (HIGH) and a local attack vector with low attack complexity, requiring low privileges and no user interactio...
CVE-2017-0211
CVE-2017-0211 is a Windows OLE/COM elevation-of-privilege issue where a Structured Storage object can be exposed across a security boundary via a property bag, enabling creation of a remote COM object in the server process and potential privilege escalation. Google Project Zero details show how I...
CVE-2018-0959
CVE-2018-0959 is a remote code execution vulnerability in Windows Hyper-V where a host server fails to validate input from an authenticated user on a guest OS. Affected products include Windows clients and server editions listed in the description (e.g., Windows 7, 8.1; Windows Server 2008-2016; ...
CVE-2018-8167
CVE-2018-8167 is a Windows CLFS driver elevation of privilege vulnerability. The issue arises when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Affected products/versions include Windows 7, Windows Server 2008/2008 R2/2012/2012 R2, Windows 8.1, Windows 10...
CVE-2024-38117
CVE-2024-38117 affects the Windows NTFS component and is labeled as an elevation-of-privilege vulnerability with the impact “Obtaining Increased Rights” and a CVSS v3.1 base score of 7.8 (High). The connected documents provide the impact and the component but do not disclose the exact root cause ...
CVE-2017-0181
CVE-2017-0181 affects the Windows Hyper-V Network Switch on Windows 10/Windows Server 2016 hosts. The vulnerability is a remote code execution caused by improper validation of input from the guest OS, requiring an authenticated user on the guest. Connected sources confirm Hyper-V input validation...
CVE-2018-0825
CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...
CVE-2018-0898
Technical details about CVE-2018-0898 are not publicly available in the provided connected documents. Monitor for updates; no explicit affected products, root cause, impact, or remediation are detailed here.
CVE-2017-11927
Technical details about CVE-2017-11927 are not publicly available in the provided connected documents. Monitor for updates; include affected products/versions and remediation when disclosures become available.
CVE-2018-0811
Technical details are not publicly available in the provided connected documents. Monitor for updates on EUVD entries and any new disclosures related to CVE-2018-0811.
CVE-2018-0846
The connected documents confirm CVE-2018-0846 affects the Windows Common Log File System (CLFS) driver and describes an elevation-of-privilege flaw caused by improper handling of objects in memory. Affected products include various Windows client/server builds (Windows 7 SP1, Windows 8.1/RT 8.1, ...
CVE-2024-38115
Technical details for CVE-2024-38115 are not publicly available in the provided documents. Monitor for updates.
CVE-2017-11771
CVE-2017-11771 is a remote code execution vulnerability in the Microsoft Windows Search component. The issue arises from improper handling of DNS responses by the Windows Search service, allowing an unauthenticated, remote attacker to execute code on affected systems. The CVE is referenced alongs...
CVE-2024-38127
CVE-2024-38127 is a Windows Hyper-V Elevation of Privilege vulnerability. The initial description identifies it as a Windows Hyper-V EoP with local attack vector, low privileges required, no user interaction, and an impact of high confidentiality, integrity, and availability. The CVSS 3.1 vector ...
CVE-2024-38223
Technical details for CVE-2024-38223 are not publicly available in the provided documents. No information on affected products, root cause, or fixes is supplied here. Monitor sources for updates.
CVE-2018-0897
CVE-2018-0897: Information disclosure in the Windows kernel across multiple Windows versions (Server 2008 SP2/R2 SP1, Windows 7 SP1, 8.1/RT 8.1, Server 2012/R2, Windows 10 1511–1709, Server 2016) due to how memory addresses are handled. The vulnerability is mapped to “Windows Kernel Information D...
CVE-2018-0813
Technical details for CVE-2018-0813 are not publicly available in the provided documents. Monitor for updates from authoritative sources.
CVE-2018-0896
CVE-2018-0896 affects the Windows kernel across multiple Windows client/server versions (Windows 7 SP1, Windows 8.1/RT 8.1, Windows 10 versions 1511–1709, Windows Server 2008 SP2/R2 SP1, 2012/R2, 2016, and 1709) where memory address handling allows an information disclosure vulnerability. Root ca...
CVE-2024-38198
CVE-2024-38198 is a Windows Print Spooler elevation-of-privilege vulnerability. The connected data confirms the issue affects Windows Print Spooler Components and is categorized with a HIGH base severity (CVSS 3.1: 7.5) and impact as obtaining elevated privileges. The vulnerability is documented ...
CVE-2025-24055
CVE-2025-24055 is a Windows USB Video Driver vulnerability described as an out-of-bounds read that could allow an authorized attacker to disclose information with a physical attack. The CVSSv3.1 base score is 4.3 (Medium), with privileges required as Low, attack vector Physical, and impact restri...
CVE-2016-0174
CVE-2016-0174 describes a local privilege escalation in Windows kernel-mode drivers (Win32k) affecting multiple Windows family versions (Vista SP2, Server 2008 SP2/R2, 7 SP1, 8.1, Server 2012, RT 8.1, and Windows 10 1511/Gold). The vulnerability allows a locally authenticated attacker to gain hig...
CVE-2017-0180
Technical details for CVE-2017-0180 are not publicly provided in the connected documents. Available sources reference Hyper-V Network Switch input validation issues but do not disclose affected versions, root cause specifics, or exploit information. Monitor for updates.
CVE-2018-8424
CVE-2018-8424 describes an information-disclosure vulnerability in the Windows GDI component where memory contents may be leaked. Affected products include Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 10 and their Server counterparts (e.g., Windows Server 2008, 201...
CVE-2024-38180
CVE-2024-38180 relates to a security feature bypass in Windows SmartScreen. Affected product: Windows SmartScreen (Windows). The CVE is described as a Security Feature Bypass with high impact (C/H/I/A) and a network attack vector requiring user interaction. The initial documents do not provide de...
CVE-2018-0900
Technical details are not publicly available in the provided connected documents; monitor for updates.