Search
Total
299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1332 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Rt and 3 more | 2023-12-07 | 7.2 HIGH | N/A |
| dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability." | |||||
| CVE-2013-0008 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Rt and 3 more | 2023-12-07 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability." | |||||
| CVE-2013-1343 | 1 Microsoft | 8 Windows 2003 Server, Windows 7, Windows 8 and 5 more | 2023-12-07 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865. | |||||
| CVE-2013-3129 | 1 Microsoft | 14 .net Framework, Lync, Lync Basic and 11 more | 2023-12-07 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." | |||||
| CVE-2013-1342 | 1 Microsoft | 8 Windows 2003 Server, Windows 7, Windows 8 and 5 more | 2023-12-07 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1343, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865. | |||||
| CVE-2013-0075 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Rt and 3 more | 2023-12-07 | 7.8 HIGH | N/A |
| The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability." | |||||
| CVE-2013-1341 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows 8 and 3 more | 2023-12-07 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability." | |||||
| CVE-2013-3894 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2023-12-07 | 9.3 HIGH | N/A |
| The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability." | |||||
| CVE-2013-1345 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2023-12-07 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability." | |||||
| CVE-2013-0073 | 1 Microsoft | 8 .net Framework, Windows 7, Windows 8 and 5 more | 2023-12-07 | 10.0 HIGH | N/A |
| The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." | |||||
| CVE-2013-1340 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2023-12-07 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability." | |||||
| CVE-2013-1283 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2023-12-07 | 6.9 MEDIUM | N/A |
| Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability." | |||||
| CVE-2013-3900 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2022-05-02 | 7.6 HIGH | N/A |
| The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | |||||
| CVE-2014-0569 | 7 Adobe, Apple, Google and 4 more | 14 Air Desktop Runtime, Air Sdk, Flash Player and 11 more | 2021-11-10 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-0564 | 7 Adobe, Apple, Google and 4 more | 14 Air Desktop Runtime, Air Sdk, Flash Player and 11 more | 2021-11-10 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. | |||||
| CVE-2013-0074 | 2 Apple, Microsoft | 9 Macos, Silverlight, Windows 7 and 6 more | 2021-09-22 | 9.3 HIGH | N/A |
| Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." | |||||
| CVE-2015-0312 | 4 Adobe, Apple, Linux and 1 more | 8 Flash Player, Flash Player Desktop Runtime, Macos and 5 more | 2021-09-08 | 9.3 HIGH | N/A |
| Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-1637 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2021-04-07 | 4.3 MEDIUM | N/A |
| Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067. | |||||
| CVE-2013-3128 | 1 Microsoft | 9 .net Framework, Windows 7, Windows 8 and 6 more | 2020-12-08 | 9.3 HIGH | N/A |
| The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2015-2528 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2020-09-08 | 7.2 HIGH | N/A |
| Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524. | |||||
| CVE-2014-0315 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2020-07-24 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability." | |||||
| CVE-2019-19160 | 2 Cabsoftware, Microsoft | 4 Reportexpress Proplus, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp). | |||||
| CVE-2019-19161 | 2 Cymiinstaller322 Activex Project, Microsoft | 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification. | |||||
| CVE-2015-6152 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows 8 and 3 more | 2020-06-24 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162. | |||||
| CVE-2019-19165 | 2 Inogard, Microsoft | 4 Activex, Windows 10, Windows 7 and 1 more | 2020-05-11 | 6.5 MEDIUM | 7.2 HIGH |
| AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10. | |||||
| CVE-2020-7804 | 2 Handysoft, Microsoft | 4 Groupware, Windows 10, Windows 7 and 1 more | 2020-05-07 | 6.5 MEDIUM | 7.2 HIGH |
| ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. | |||||
| CVE-2019-14678 | 6 Hp, Ibm, Linux and 3 more | 15 Hp-ux, Aix, Z\/os and 12 more | 2019-11-22 | 7.5 HIGH | 10.0 CRITICAL |
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | |||||
| CVE-2015-0009 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-10-29 | 3.3 LOW | N/A |
| The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." | |||||
| CVE-2015-0008 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-10-29 | 8.3 HIGH | N/A |
| The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." | |||||
| CVE-2017-14010 | 2 Microsoft, Spidercontrol | 6 Windows 10, Windows 7, Windows 8 and 3 more | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. | |||||
| CVE-2014-6321 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-10-09 | 10.0 HIGH | N/A |
| Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." | |||||
| CVE-2018-6947 | 2 Microsoft, Nomachine | 4 Windows 10, Windows 7, Windows 8 and 1 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. | |||||
| CVE-2017-0050 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8 and 5 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
| CVE-2014-1817 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-20 | 9.3 HIGH | N/A |
| usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EMF+ record in a font file, aka "Unicode Scripts Processor Vulnerability." | |||||
| CVE-2014-1818 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code via a crafted EMF+ record in an image file, aka "GDI+ Image Parsing Vulnerability." | |||||
| CVE-2016-0007 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 6.9 MEDIUM | 7.8 HIGH |
| The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006. | |||||
| CVE-2016-0006 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 6.9 MEDIUM | 7.3 HIGH |
| The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007. | |||||
| CVE-2015-6104 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103. | |||||
| CVE-2015-6103 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104. | |||||
| CVE-2016-0015 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8 and 4 more | 2019-05-17 | 9.3 HIGH | 7.8 HIGH |
| DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap Corruption Remote Code Execution Vulnerability." | |||||
| CVE-2015-2459 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461. | |||||
| CVE-2015-2460 | 1 Microsoft | 8 .net Framework, Windows 10, Windows 7 and 5 more | 2019-05-17 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2015-2465 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 2.1 LOW | N/A |
| The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Shell Security Feature Bypass Vulnerability." | |||||
| CVE-2015-2476 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2019-05-17 | 2.6 LOW | N/A |
| The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability." | |||||
| CVE-2015-6095 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8 and 4 more | 2019-05-17 | 4.9 MEDIUM | N/A |
| Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass." | |||||
| CVE-2015-6102 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-16 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." | |||||
| CVE-2015-6112 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2019-05-16 | 5.8 MEDIUM | N/A |
| SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability." | |||||
| CVE-2015-6126 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-16 | 7.2 HIGH | N/A |
| Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application, aka "Windows PGM UAF Elevation of Privilege Vulnerability." | |||||
| CVE-2014-1811 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2019-05-16 | 5.0 MEDIUM | N/A |
| The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (non-paged pool memory consumption and system hang) via malformed data in the Options field of a TCP header, aka "TCP Denial of Service Vulnerability." | |||||
| CVE-2015-6113 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-16 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka "Windows Kernel Security Feature Bypass Vulnerability." | |||||