Lucene search
+L

591 matches found

CVE
CVE
added 2011/12/30 1:0 a.m.872 views

CVE-2011-3416

CVE-2011-3416 affects Microsoft .NET Framework's ASP.NET Forms Authentication, allowing remote authenticated users to obtain access to arbitrary user accounts via a crafted username. Affected: .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0. The issue is addressed by MS11-100; vulnerable...

8.5CVSS6AI score0.45576EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.717 views

CVE-2009-3103

CVE-2009-3103 affects SMBv2 in srv2.sys on Windows Vista (Gold, SP1, SP2), Windows Server 2008 (Gold, SP2), and Windows 7 RC. Description and NSE/script references describe an out-of-bounds/array indexing issue in the SMB Negotiation protocol handling (ProcessID High header) that can allow remote...

10CVSS9.4AI score0.90121EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.489 views

CVE-2016-0128

Technical details about CVE-2016-0128 are not provided in the connected documents. The initial description mentions Badlock affecting Windows SAM/LSAD, but no explicit exploit vectors, affected products, or fixes are given here. Monitor for updates.

6.8CVSS6.4AI score0.20877EPSS
CVE
CVE
added 2012/03/13 9:0 p.m.358 views

CVE-2012-0002

CVE-2012-0002 is a Remote Desktop Protocol memory-processing vulnerability in affected Windows platforms (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1). The flaw permits remote code execution by sending specially crafted RDP packets tha...

9.3CVSS9.5AI score0.74102EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.355 views

CVE-2017-0055

CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...

6.1CVSS5.4AI score0.16369EPSS
CVE
CVE
added 2011/11/08 9:0 p.m.327 views

CVE-2011-2016

CVE-2011-2016 describes an untrusted search path vulnerability in Windows Mail and Windows Meeting Space, affecting Windows Vista SP2, Windows Server 2008 SP2, R2 and R2 SP1, and Windows 7 (Gold and SP1). The root cause is loading a Trojan horse DLL from the current working directory when opening...

9.3CVSS6.4AI score0.08103EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.271 views

CVE-2009-2524

CVE-2009-2524 refers to an Integer Overflow in LSASS during NTLM authentication in multiple Windows versions. A malformed NTLM packet can cause LSASS to crash and reboot the host, i.e., a denial-of-service condition. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows ...

7.8CVSS6.5AI score0.2847EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.265 views

CVE-2016-0143

CVE-2016-0143 is a Windows Win32k Privilege Escalation vulnerability in the kernel-mode driver (win32k.sys) affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, 2012, RT 8.1, Windows 10 Gold/1511). Root cause: improper handling of objects in memory within the Wi...

7.8CVSS6.8AI score0.03596EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.262 views

CVE-2017-0025

Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.

7.8CVSS6.2AI score0.01835EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.261 views

CVE-2016-3308

Technical details for CVE-2016-3308 are not publicly available in the provided documents; monitor for updates.

7.8CVSS7.5AI score0.06418EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.254 views

CVE-2017-0047

Technical details about CVE-2017-0047 are not provided in the connected documents. Public information in the Initial Description is limited to an overview; monitor for updates.

7.8CVSS6.2AI score0.01858EPSS
In wild
CVE
CVE
added 2011/04/13 6:0 p.m.235 views

CVE-2011-0657

CVE-2011-0657 affects the DNSAPI.dll DNS client in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7 SP1). Root cause: improper processing of DNS queries by the DNS client, enabling remote attackers to run arbitrary code via (1) a crafted L...

9.8CVSS7.6AI score0.63335EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.231 views

CVE-2016-3311

CVE-2016-3311 is a Windows kernel-mode driver elevation of privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, Server 2012, Windows RT 8.1, and Windows 10 variants). The issue arises in Win32k kernel components where a crafted applicatio...

7.8CVSS7.5AI score0.01528EPSS
In wild
CVE
CVE
added 2013/09/11 10:0 a.m.227 views

CVE-2013-0810

CVE-2013-0810 affects Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2. Attackers could trigger remote code execution by delivering a crafted theme file containing a malicious screensaver. The root cause is improper handling of screensaver/theme data, al...

9.3CVSS7.7AI score0.59885EPSS
Web
CVE
CVE
added 2016/08/09 9:0 p.m.223 views

CVE-2016-3310

CVE-2016-3310 is a Win32k Elevation of Privilege vulnerability affecting multiple Windows versions. The issue arises in kernel‑mode drivers where improper handling of memory objects enables a local user to execute code with SYSTEM privileges via a crafted application. This is a local, non‑authent...

7.8CVSS7.5AI score0.02628EPSS
In wild
CVE
CVE
added 2009/11/11 7:0 p.m.219 views

CVE-2009-2512

CVE-2009-2512 describes a remote code execution vulnerability in Microsoft Windows WSDAPI (Web Services on Devices API) affecting Windows Vista (Gold, SP1, SP2) and Windows Server 2008 (Gold, SP2). The root cause is memory corruption due to improper processing/validation of WSD message headers (M...

9.8CVSS7.3AI score0.31215EPSS
Web
CVE
CVE
added 2009/07/29 5:0 p.m.216 views

CVE-2009-2493

CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...

9.3CVSS7.2AI score0.379EPSS
CVE
CVE
added 2013/08/14 10:0 a.m.216 views

CVE-2013-3175

CVE-2013-3175 is a Windows elevation-of-privilege issue in the handling of asynchronous RPC requests. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT. Root cause...

10CVSS7.5AI score0.27538EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.213 views

CVE-2010-0480

CVE-2010-0480 is a remote code execution vulnerability in Microsoft MPEG Layer-3 codecs. The issue arises from multiple stack-based buffer overflows in the MPEG Layer-3 audio decoders (l3codecx.ax and related ACM codecs) when processing crafted AVI files, affecting Windows 2000 SP4, XP SP2/SP3, S...

9.3CVSS7.5AI score0.67888EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.195 views

CVE-2008-4114

The CVE-2008-4114 issue affects the Windows SMB SRV.SYS driver (WriteAndX handling) across multiple Windows platforms (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista Gold/SP1, Server 2008). The vulnerability arises from insufficient validation of the SMB WRITE_ANDX DataOffset, which can...

7.1CVSS7.4AI score0.49275EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.192 views

CVE-2013-0007

CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...

9.3CVSS7.5AI score0.31574EPSS
CVE
CVE
added 2016/02/10 11:0 a.m.188 views

CVE-2016-0051

CVE-2016-0051 is a local privilege-escalation vulnerability in the Windows WebDAV client. The issue stems from the WebDAV client’s handling of crafted input, allowing a local attacker to gain SYSTEM-level privileges on affected Vista/7/8.1/2012/RT/10 variants with the WebDAV component (WebDAV cli...

7.8CVSS7.5AI score0.23383EPSS
CVE
CVE
added 2010/09/15 6:0 p.m.184 views

CVE-2010-2729

CVE-2010-2729 is a remote code execution vulnerability in the Windows Print Spooler service. It stems from insufficient validation of spooler access permissions, allowing a remote attacker to create files in a system directory and execute arbitrary code by sending a crafted print request over RPC...

9.3CVSS9.2AI score0.75636EPSS
Web
CVE
CVE
added 2012/08/15 1:0 a.m.183 views

CVE-2012-1851

CVE-2012-1851 is a format string vulnerability in the Windows Print Spooler service that allows remote code execution. Affected: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. Root cause: Print Spooler mishandles crafted response...

10CVSS7.5AI score0.65637EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.175 views

CVE-2012-4786

CVE-2012-4786 affects Windows kernel-mode drivers handling TrueType/OpenType font parsing. The advisory set shows remote code execution via crafted TTF/OTF files affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, and RT. Root cause...

10CVSS7.4AI score0.24213EPSS
CVE
CVE
added 2011/11/08 9:0 p.m.174 views

CVE-2011-2014

The CVE-2011-2014 entry concerns LDAPS in Active Directory, ADAM, and AD LDS where the LDAPS implementation does not check Certificate Revocation Lists (CRLs). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, and Windows ...

9CVSS6.2AI score0.10965EPSS
CVE
CVE
added 2012/01/10 9:0 p.m.169 views

CVE-2012-0013

CVE-2012-0013 is a remote-code-execution vulnerability in the Windows PackagerClickOnce handling: ClickOnce file types are not included in the Windows Packager unsafe file type list, allowing an attacker to execute arbitrary code via a crafted Office document. Affected OSes include Windows XP SP2...

9.3CVSS7.4AI score0.73753EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.168 views

CVE-2010-0476

CVE-2010-0476 is a remote code-execution vulnerability in the Microsoft SMB client. The issue occurs when the SMB client implementation on Windows platforms (including Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 SP2) improperly parses or handles certain crafted SMB res...

10CVSS7.7AI score0.3433EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.168 views

CVE-2012-1527

CVE-2012-1527 corresponds to Windows Shell Briefcase Integer Underflow. The vulnerability arises from an integer underflow in the Briefcase feature of Windows Shell, enabling local privilege escalation for affected Windows editions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Wind...

9.3CVSS6.4AI score0.18163EPSS
CVE
CVE
added 2013/06/12 1:0 a.m.168 views

CVE-2013-3138

CVE-2013-3138 is a denial-of-service vulnerability arising from an integer overflow in the TCP/IP kernel-mode driver. The affected software set includes Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows Server 2012; Windows RT. An attacker can cause a system...

7.1CVSS6.7AI score0.5937EPSS
CVE
CVE
added 2012/01/10 9:0 p.m.166 views

CVE-2012-0004

CVE-2012-0004 affects Microsoft Windows via the DirectShow/DirectX stack (Quartz.dll, Qdvd.dll, Line21 DirectShow filter) and related components. The vulnerability allows remote attackers to execute arbitrary code by delivering a crafted media file, due to improper handling within DirectShow filt...

9.3CVSS8AI score0.22547EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.166 views

CVE-2013-3868

CVE-2013-3868 affects Microsoft Active Directory Lightweight Directory Service (AD LDS) and Active Directory Services across Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, and Server 2012. The vulnerability allows remote attackers to trigger a denial of service (LDAP...

5CVSS6.5AI score0.38293EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.165 views

CVE-2013-0013

The CVE-2013-0013 issue affects the Windows SSL/TLS stack: multiple Windows versions (Vista SP2, Server 2008 SP2/R2 and SP1, Windows 7, 8, Server 2012, Windows RT) have a flaw in the SSL provider that mishandles encrypted packets, enabling a man-in-the-middle to downgrade SSLv2 and intercept hand...

5.8CVSS6.3AI score0.06351EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.162 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.160 views

CVE-2009-0086

CVE-2009-0086 describes an integer underflow in Windows HTTP Services (WinHTTP) that allows remote code execution when a remote server sends crafted values in a response. The vulnerability affects multiple Windows versions, including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista (Gold/...

10CVSS7.5AI score0.1415EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.160 views

CVE-2009-2526

The CVE-2009-2526 family affects Windows Vista (Gold, SP1, SP2) and Windows Server 2008 (Gold/SP2) SMBv2 by failing to validate fields in SMBv2 packets, causing a denial of service (infinite loop) via crafted packets to the Server service. Related CVEs (CVE-2009-2532 and CVE-2009-3103) cover SMBv...

7.8CVSS6.3AI score0.81891EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.158 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2011/10/12 1:0 a.m.158 views

CVE-2011-2003

CVE-2011-2003 : A buffer overflow in win32k.sys used by kernel-mode drivers across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 RTM/SP1) can be triggered by a crafted .fon file. The vulnerability arises from an input validation error when the ke...

9.3CVSS7.6AI score0.27772EPSS
CVE
CVE
added 2011/12/30 1:0 a.m.156 views

CVE-2011-3414

CVE-2011-3414 concerns a denial-of-service in the Microsoft .NET Framework ASP.NET HashTable mapping. The vulnerability arises from the CaseInsensitiveHashProvider.getHashCode function used by the HashTable implementation across .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, which can ...

7.8CVSS6.4AI score0.58895EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.156 views

CVE-2013-0077

The CVE-2013-0077 issue concerns Quartz.dll in DirectShow on Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2). A remote attacker can trigger arbitrary code execution by processing crafted media content (media file, media stream, or an Office document). The vulnerability...

9.3CVSS7.5AI score0.24242EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.155 views

CVE-2016-7212

CVE-2016-7212 affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, 10 up to 1607, and Server 2016) where a crafted image file can lead to remote code execution. Root cause: improper handling in the Windows image load feature. Impact is remote cod...

9.3CVSS8AI score0.69829EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.154 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.154 views

CVE-2010-0231

CVE-2010-0231 involves the SMB server’s NTLM authentication on Windows 2000/XP/2003/Vista/Server 2008/7 where insufficient entropy in server-generated challenges (duplicate NTLM nonces) allows remote attackers to access files and SMB resources after many authentication requests. Root cause: weak ...

10CVSS9AI score0.41262EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.152 views

CVE-2012-0175

CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...

9.3CVSS7.8AI score0.2621EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.152 views

CVE-2017-0158

CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...

7.6CVSS7.5AI score0.12558EPSS
CVE
CVE
added 2013/08/14 10:0 a.m.150 views

CVE-2013-3183

Microsoft Windows ICMPv6 Packet Denial of Service (CVE-2013-3183) affects multiple Windows platforms (Vista SP2, 2008 SP2/R2 SP1, 7 SP1, 8, 2012, RT) where the TCP/IP stack improperly allocates memory for inbound ICMPv6 packets, causing remote denial of service (system hang) via crafted packets. ...

7.8CVSS6.5AI score0.80473EPSS
CVE
CVE
added 2009/01/14 10:0 p.m.148 views

CVE-2008-4834

CVE-2008-4834 corresponds to a buffer overflow in the Server service of Microsoft Windows SMB handling. Affected products include Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP1/SP2. The root cause is improper validation of SMB NT Trans request data, allowing remote attackers to craft m...

10CVSS8.4AI score0.45756EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.148 views

CVE-2009-1926

CVE-2009-1926 describes a TCP/IP processing vulnerability in Microsoft Windows that can cause a denial of service by flooding a host with specially crafted TCP packets featuring a small or zero receive window. The issue occurs when connections remain in FIN-WAIT-1 or FIN-WAIT-2 and the sender doe...

7.8CVSS6.4AI score0.35042EPSS
Web
CVE
CVE
added 2010/02/10 6:0 p.m.148 views

CVE-2010-0020

CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...

9CVSS7.1AI score0.32032EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.148 views

CVE-2012-4774

CVE-2012-4774 is a Windows File Handling Component vulnerability. A crafted file or subfolder name can trigger use of unallocated memory as the destination of a copy operation, enabling remote code execution on affected Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windo...

9.3CVSS7.5AI score0.20766EPSS
Total number of security vulnerabilities591