Windows Security Vulnerabilities and Issues — Page 2 of Windows CVE List

Lucene search

MicrosoftWindows

80 matches found

CVE•added 2014/12/10 9:59 p.m.•57 views

CVE-2014-8452

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS6.5AI score0.10317EPSS

CVE•added 2015/05/13 10:59 a.m.•57 views

CVE-2015-3059

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3075.

10CVSS7.4AI score0.06245EPSS

CVE•added 2010/10/08 10:0 p.m.•56 views

CVE-2010-3888

Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.

7.2CVSS6.4AI score0.0136EPSS

CVE•added 2014/12/10 9:59 p.m.•56 views

CVE-2014-8456

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE...

10CVSS7.6AI score0.27545EPSS

CVE•added 2015/05/13 10:59 a.m.•56 views

CVE-2015-3054

10CVSS7.4AI score0.06245EPSS

CVE•added 2014/12/10 9:59 p.m.•55 views

CVE-2014-9159

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.

10CVSS7.9AI score0.36278EPSS

CVE•added 2015/05/13 10:59 a.m.•55 views

CVE-2015-3057

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE...

10CVSS7.6AI score0.10445EPSS

CVE•added 2010/10/08 10:0 p.m.•54 views

CVE-2010-3889

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2008/11/17 11:30 p.m.•53 views

CVE-2008-5112

The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind re...

5CVSS6.5AI score0.32143EPSS

CVE•added 2024/12/18 11:15 p.m.•53 views

CVE-2022-40732

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot....

5CVSS5.2AI score0.0014EPSS

CVE•added 2014/12/10 9:59 p.m.•52 views

CVE-2014-8453

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

5CVSS6.6AI score0.10853EPSS

CVE•added 2015/05/13 10:59 a.m.•52 views

CVE-2015-3060

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8447

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8449

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.39126EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8454

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165.

10CVSS7.4AI score0.2145EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-8459

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•51 views

CVE-2014-9165

10CVSS7.4AI score0.2145EPSS

CVE•added 2016/01/12 8:59 p.m.•51 views

CVE-2016-1715

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) ...

6.6CVSS6.6AI score0.00626EPSS

CVE•added 2016/05/05 6:59 p.m.•50 views

CVE-2016-4534

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.

3CVSS3.9AI score0.01135EPSS

CVE•added 2009/02/19 6:30 p.m.•49 views

CVE-2008-6194

Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898.

7.8CVSS6.3AI score0.85355EPSS

CVE•added 2014/12/10 9:59 p.m.•48 views

CVE-2014-8458

10CVSS7.6AI score0.27545EPSS

CVE•added 2010/08/27 7:0 p.m.•47 views

CVE-2010-3143

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: ...

9.3CVSS7.3AI score0.30114EPSS

CVE•added 2014/12/10 9:59 p.m.•47 views

CVE-2014-8455

10CVSS7.4AI score0.2145EPSS

CVE•added 2014/12/10 9:59 p.m.•46 views

CVE-2014-8460

10CVSS7.9AI score0.36278EPSS

CVE•added 2014/12/10 9:59 p.m.•46 views

CVE-2014-8461

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•45 views

CVE-2014-8457

10CVSS7.9AI score0.36278EPSS

CVE•added 2016/06/16 2:59 p.m.•44 views

CVE-2016-4158

Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

7.3CVSS7.2AI score0.01901EPSS

CVE•added 2024/03/27 12:15 a.m.•44 views

CVE-2017-20190

Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be ...

6.8AI score0.00097EPSS

CVE•added 2011/10/20 12:55 a.m.•39 views

CVE-2011-3310

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authe...

9CVSS7.2AI score0.27533EPSS

CVE•added 2014/10/16 12:55 a.m.•39 views

CVE-2014-7237

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.

6.8CVSS7.6AI score0.26289EPSS

Total number of security vulnerabilities80