Total
236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0077 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 2.1 LOW | N/A |
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." | |||||
CVE-2015-0059 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2019-05-14 | 6.9 MEDIUM | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | |||||
CVE-2015-0080 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 4.3 MEDIUM | N/A |
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability." | |||||
CVE-2015-0081 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 9.3 HIGH | N/A |
Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability." | |||||
CVE-2015-0057 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
CVE-2015-1721 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 7.2 HIGH | N/A |
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability." | |||||
CVE-2015-0076 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2019-05-14 | 4.3 MEDIUM | N/A |
The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "JPEG XR Parser Information Disclosure Vulnerability." | |||||
CVE-2015-0073 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 7.2 HIGH | N/A |
The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability." | |||||
CVE-2015-0062 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2019-05-14 | 7.2 HIGH | N/A |
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability." | |||||
CVE-2015-1723 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 7.2 HIGH | N/A |
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability." | |||||
CVE-2015-1720 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 7.2 HIGH | N/A |
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability." | |||||
CVE-2013-3918 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2019-05-14 | 9.3 HIGH | N/A |
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability." | |||||
CVE-2013-3869 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2019-05-14 | 5.0 MEDIUM | N/A |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability." | |||||
CVE-2013-3940 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2019-05-14 | 9.3 HIGH | N/A |
Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability." | |||||
CVE-2013-3876 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2019-05-14 | 7.1 HIGH | N/A |
DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate. | |||||
CVE-2014-6318 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2019-05-14 | 4.3 MEDIUM | N/A |
The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability." | |||||
CVE-2013-5056 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2019-05-14 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library." | |||||
CVE-2014-0263 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2019-05-14 | 9.3 HIGH | N/A |
The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability." | |||||
CVE-2014-4118 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 9.3 HIGH | N/A |
XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability." | |||||
CVE-2013-7331 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2019-05-14 | 4.3 MEDIUM | N/A |
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. |