Lucene search
K

663 matches found

CVE
CVE
added 2009/01/14 10:0 p.m.140 views

CVE-2008-4835

CVE-2008-4835 affects Microsoft Windows SMB Server service across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1/Gold, and Server 2008. The root cause is insufficient validation of buffer size for malformed values inside NT Trans2 SMB requests, enabling remote code execution. The vu...

10CVSS8.2AI score0.44925EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.140 views

CVE-2010-2550

CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...

10CVSS9.3AI score0.7572EPSS
Web
CVE
CVE
added 2010/12/16 7:0 p.m.140 views

CVE-2010-3956

CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....

9.3CVSS6.3AI score0.08274EPSS
CVE
CVE
added 2011/12/30 7:0 p.m.139 views

CVE-2011-5046

CVE-2011-5046 affects the Windows kernel component win32k.sys (GDI) across multiple OS versions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue arises from improper validation of user-mode input in GDI, enabling remote attackers to execute arbitrary code ...

9.3CVSS7.7AI score0.45457EPSS
CVE
CVE
added 2006/01/10 10:0 p.m.138 views

CVE-2006-0010

CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...

9.3CVSS7.7AI score0.32189EPSS
CVE
CVE
added 2005/05/31 4:0 a.m.137 views

CVE-2005-0356

CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...

5CVSS6.2AI score0.83284EPSS
CVE
CVE
added 2012/11/14 12:0 a.m.137 views

CVE-2012-1528

CVE-2012-1528 is a Windows Shell vulnerability originating from an integer overflow in the Briefcase feature. The flaw affects multiple Windows client/server platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP, Windows 7 SP1, Windows 8, Server 2012) and can let local users gain p...

9.3CVSS6.6AI score0.18163EPSS
CVE
CVE
added 2013/01/09 6:0 p.m.137 views

CVE-2013-0006

CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...

9.3CVSS7.5AI score0.28084EPSS
CVE
CVE
added 2010/08/27 6:10 p.m.135 views

CVE-2010-3138

The CVE-2010-3138 issue affects Microsoft Windows XP SP3 with the Indeo Codec (iac25_32.ax) loading an insecure library (iacenc.dll) from the current working directory, enabling local privilege escalation via crafted .avi/.mka/.ra/.ram files (e.g., through players like BS.Player or Media Player C...

9.3CVSS6.5AI score0.26693EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.132 views

CVE-2009-2507

CVE-2009-2507 describes a remote code execution via an ActiveX control in the Microsoft Windows Indexing Service. The vulnerability arises because the Indexing Service ActiveX component does not properly handle specially crafted URLs, enabling a remote attacker to load/execute arbitrary code on a...

9.3CVSS7.1AI score0.19291EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.131 views

CVE-2004-0790

CVE-2004-0790 describes a denial-of-service condition caused by spoofed ICMP error messages that disrupt TCP connections. In published connected materials, the vulnerability is tied to BIG-IP products, notably FastL4 accelerated virtual servers on ePVA-equipped platforms (e.g., VIPRION blades and...

5CVSS7.5AI score0.80675EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.131 views

CVE-2009-0090

CVE-2009-0090 corresponds to a high-severity remote code execution vulnerability in Microsoft .NET Framework. The issue arises because .NET Framework versions 1.0 SP3, 1.1 SP1 and 2.0 SP1 do not properly validate verifiable code, enabling a remote attacker to execute arbitrary code and read stack...

9.3CVSS9.4AI score0.20982EPSS
CVE
CVE
added 2006/12/05 11:0 a.m.129 views

CVE-2006-6296

The CVE-2006-6296 issue affects the Windows Print Spooler (SPOOLSS) via the RpcGetPrinterData function in spoolsv.exe. A remote attacker can trigger a denial of service by sending a crafted RPC request with a large output buffer size, causing memory consumption on affected systems. Affected produ...

6.1CVSS6.6AI score0.23566EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.129 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.124 views

CVE-2010-0022

CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...

7.8CVSS6.3AI score0.79499EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.123 views

CVE-2009-1133

CVE-2009-1133 corresponds to a heap-based buffer overflow in Microsoft Remote Desktop Connection (mstsc/ mstscax.dll) affecting RDP clients (RDP 5.0–6.1 on Windows and Mac 2.0). The underlying flaw occurs during parsing of data from the RDP server, allowing a remote attacker to execute arbitrary ...

9.3CVSS8.2AI score0.30496EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.123 views

CVE-2011-1249

CVE-2011-1249 concerns the Ancillary Function Driver (afd.sys) in Windows, where local input validation flaws allow privilege escalation. Affected OSes include Windows XP SP2/SP3, Server 2003 SP2, Windows Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7 (Gold/SP1). The vulnerability stems ...

7.2CVSS6.3AI score0.08488EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.122 views

CVE-2012-0173

Technical details for CVE-2012-0173 are not provided in the connected documents. The materials reference CVE-2012-0002 and MS12-020 but do not disclose specifics for CVE-2012-0173. Monitor for updates.

9.3CVSS9.4AI score0.20933EPSS
Web
CVE
CVE
added 2003/09/12 4:0 a.m.121 views

CVE-2003-0528

Technical details for CVE-2003-0528 are not publicly provided in the supplied documents. Monitor for updates from official advisories; related CVEs (e.g., CVE-2003-0352) are discussed but do not specify 0528 specifics.

10CVSS7.8AI score0.37799EPSS
CVE
CVE
added 2003/11/18 5:0 a.m.121 views

CVE-2003-0822

Affected software : Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002. Vulnerability : a buffer overflow in the debug functionality of fp30reg.dll (MS03-051) that can be triggered via a crafted chunked-encoded request, allowing remote code execution. Impact : remote attacker could execut...

7.5CVSS7.4AI score0.83075EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.121 views

CVE-2010-0021

CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...

7.1CVSS6.4AI score0.14385EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.121 views

CVE-2013-3174

CVE-2013-3174 corresponds to a remote code execution in Microsoft DirectShow via specially crafted GIF files. Affected: DirectShow in Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012. Root cause: faulty GIF image parsing leads to arbitr...

9.3CVSS7.4AI score0.31979EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.120 views

CVE-2004-0575

CVE-2004-0575 is a Microsoft Windows vulnerability: an integer overflow in DUNZIP32.DLL (InnerMedia) that affects Windows XP/XP x64 and Windows Server 2003/64, caused by an unchecked buffer and improper length validation when handling ZIP-compressed folders. This allows remote code execution if a...

10CVSS7.7AI score0.603EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.120 views

CVE-2012-0181

CVE-2012-0181 affects Win32k.sys in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, and Windows 8 CP). The vulnerability is a memory-corruption/logic issue in the kernel-mode ReadLayoutFile path that handles keyboard layout files, allowing loc...

7.2CVSS6.2AI score0.03401EPSS
CVE
CVE
added 2003/09/04 4:0 a.m.119 views

CVE-2003-0661

The CVE-2003-0661 entry concerns the NetBIOS NBNS information disclosure vulnerability in Windows NT 4.0, 2000, XP, and Server 2003. The NBNS response may leak random memory contents from the target, potentially revealing sensitive data to remote attackers. Public details across connected documen...

5CVSS6.3AI score0.22019EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.118 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2004/04/16 4:0 a.m.116 views

CVE-2004-0120

CVE-2004-0120 is a denial-of-service vulnerability in the Microsoft SSL library used by Windows 2000, Windows XP, and Windows Server 2003. A specially crafted malformed SSL message could cause the system to stop accepting SSL connections (Windows 2000/XP) or, on Windows Server 2003, to automatica...

5CVSS7.2AI score0.55583EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.116 views

CVE-2009-0550

CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...

9.3CVSS6.9AI score0.11749EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.116 views

CVE-2012-0180

CVE-2012-0180 affects win32k.sys in multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8 CP). The issue is improper handling of user-mode input in kernel-mode for windows and messages, enabling local privilege escalation via a crafted app...

7.8CVSS6.2AI score0.01263EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.115 views

CVE-2008-3013

CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...

9.3CVSS7.7AI score0.52065EPSS
CVE
CVE
added 2004/02/11 5:0 a.m.114 views

CVE-2003-0818

CVE-2003-0818 covers a heap-based overflow in the Microsoft ASN.1 library (MSASN1.DLL) used by Windows components (LSASS.EXE, CRYPT32.DLL) on Windows NT 4.0/2000/XP. The vulnerability affects BER decoding of ASN.1 data, with two vectors: (1) very large length fields overwriting heap data, and (2)...

7.5CVSS7.4AI score0.84008EPSS
CVE
CVE
added 2012/05/09 12:0 a.m.114 views

CVE-2012-1848

CVE-2012-1848 affects win32k.sys kernel-mode drivers across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, Windows 7 SP1, and Windows 8 Consumer Preview). The underlying issue is improper handling of user-mode input passed to kernel mode, which enabl...

7.2CVSS6.2AI score0.01899EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.113 views

CVE-2009-2510

Technical details for CVE-2009-2510 are not publicly provided in the connected documents. Please monitor for updates.

6.8CVSS5.8AI score0.05321EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.112 views

CVE-2009-0091

CVE-2009-0091 is a Microsoft .NET Framework Type Verification Vulnerability. The issue involves .NET Framework 2.0, 2.0 SP1, and 3.5 where a type-equality check in verifiable code could be bypassed, allowing remote code execution via crafted XBAP, ASP.NET, or .NET Framework applications. Public d...

9.3CVSS7.2AI score0.25811EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.112 views

CVE-2009-2497

CVE-2009-2497 covers a Microsoft CLR vulnerability in .NET Framework 2.0–3.5 SP1 and Silverlight 2 where the CLR mishandles interfaces, enabling remote code execution via XBAPs, Silverlight, ASP.NET, or .NET applications. Connected docs confirm Microsoft issued MS09-061 to address three related v...

9.3CVSS7.2AI score0.23254EPSS
CVE
CVE
added 2005/11/16 7:37 a.m.111 views

CVE-2002-2132

CVE-2002-2132 concerns Windows File Protection (WFP) in Windows 2000 and XP. The vulnerability arises because WFP does not remove old security catalog (.CAT) files, enabling local attackers to replace legitimate, updated files with older, vulnerable versions that still have valid hash codes. The ...

2.1CVSS6.8AI score0.0174EPSS
CVE
CVE
added 2009/07/07 11:0 p.m.110 views

CVE-2008-0020

Technical details about CVE-2008-0020 are not publicly available in the provided connected documents. Monitor for updates as new information becomes public.

9.3CVSS7.4AI score0.30917EPSS
CVE
CVE
added 2005/10/21 4:0 a.m.109 views

CVE-2005-2117

CVE-2005-2117 refers to a remote code execution vulnerability in the Windows Shell Web View script injection. The issue arises in Web View in Windows Explorer when previewing files, where certain HTML characters in preview fields can be crafted to execute arbitrary code on affected systems. Affec...

5.1CVSS7.2AI score0.36881EPSS
CVE
CVE
added 2009/05/29 6:0 p.m.109 views

CVE-2009-1537

Summary of CVE-2009-1537 (DirectShow QuickTime parsing): A remote code execution vulnerability exists in the DirectShow QuickTime Movie Parser Filter (quartz.dll) within DirectX, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, and potentially DirectX 7.0–9.0c. Exploitation requires a...

9.3CVSS7.3AI score0.50926EPSS
In wild
CVE
CVE
added 2007/03/30 8:0 p.m.108 views

CVE-2007-0038

CVE-2007-0038 is a stack-based buffer overflow in Windows’ animated cursor handling (LoadAniIcon) affecting Windows 2000 SP4 through Vista, triggered by malformed RIFF ANI/cur/ico files and causing memory corruption in cursor/icon processing. A remote attacker could execute arbitrary code or caus...

9.3CVSS7.8AI score0.7288EPSS
CVE
CVE
added 2007/02/23 12:0 a.m.108 views

CVE-2007-0843

CVE-2007-0843 concerns the ReadDirectoryChangesW API on Windows 2000/XP/2003/Vista. The vulnerability arises because ReadDirectoryChangesW does not check the caller’s permissions for child directories, allowing a user with LIST access to a parent folder to monitor and infer information about file...

4.6CVSS6.1AI score0.0361EPSS
CVE
CVE
added 2011/12/30 1:0 a.m.107 views

CVE-2011-3417

The CVE-2011-3417 entry concerns the ASP.NET Forms Authentication feature in Microsoft .NET Framework (1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0). When sliding expiry is enabled, cached content is not handled properly, allowing remote attackers to access arbitrary user accounts via a crafted URL (For...

9.3CVSS6.5AI score0.35731EPSS
CVE
CVE
added 2003/09/12 4:0 a.m.106 views

CVE-2003-0715

CVE-2003-0715 describes a heap-based buffer overflow in the Windows RPCSS DCOM interface that can be triggered by a malformed DCERPC DCOM object activation request with modified length fields, enabling remote code execution. Affected: Windows NT 4.0 SPx, 2000, XP, and Server 2003 (DCOM RPC interf...

10CVSS7.7AI score0.37141EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.106 views

CVE-2011-0661

CVE-2011-0661 describes a remote code execution vulnerability in the Windows SMB Server service. The root cause is improper validation of fields in SMB requests by the SMB Server, allowing an unauthenticated remote attacker to execute arbitrary code via a malformed SMBv1 or SMBv2 packet. Affected...

10CVSS7.6AI score0.45497EPSS
CVE
CVE
added 2005/06/15 4:0 a.m.105 views

CVE-2005-1206

CVE-2005-1206 describes a remote code execution vulnerability in Microsoft Windows SMB implementation. The SMB packet validation process contains a buffer-handling flaw that can allow an unauthenticated attacker to execute arbitrary code by sending specially crafted SMB packets. Affected products...

7.5CVSS7.8AI score0.70144EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.105 views

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

9.3CVSS9.7AI score0.20982EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.105 views

CVE-2010-0805

CVE-2010-0805 is an actively discussed vulnerability affecting the Internet Explorer Tabular Data Control ActiveX. The issue arises when a long DataURL parameter triggers a memory corruption inside CTDCCtl::SecurityCHeckDataURL, enabling remote code execution. Public material in connected docs co...

9.3CVSS7.5AI score0.80603EPSS
Web
CVE
CVE
added 2002/02/18 5:0 a.m.104 views

CVE-2002-0053

Technical details about CVE-2002-0053 are not publicly available in the provided connected documents. Monitor for updates.

7.5CVSS7.8AI score0.37913EPSS
CVE
CVE
added 2006/06/13 7:0 p.m.104 views

CVE-2006-2370

CVE-2006-2370 describes a buffer/ memory corruption vulnerability in the Routing and Remote Access Service (RRAS) on Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The flaw, triggered by certain crafted RPC-related requests to RRAS (RASMAN), allows remote attackers (authenticated ...

7.5CVSS9.7AI score0.72969EPSS
Web
CVE
CVE
added 2012/01/10 9:0 p.m.104 views

CVE-2012-0003

CVE-2012-0003 is a remote-code-execution issue in Windows Multimedia Library (winmm.dll) used by Windows Media Player. A specially crafted MIDI file can trigger the vulnerability, leading to arbitrary code execution with the user’s context. Affected products include Windows XP SP2/SP3, Windows Se...

9.3CVSS7.8AI score0.69499EPSS
In wild
Total number of security vulnerabilities663