Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-0151 | 7.2 |
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka
|
09-07-2024 - 18:25 | 12-04-2016 - 23:59 | |
CVE-2015-1637 | 4.3 |
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict
|
07-04-2021 - 17:15 | 06-03-2015 - 17:59 | |
CVE-2012-2549 | 5.8 |
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerab
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2013-0013 | 5.8 |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle atta
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2014-0317 | 5.4 |
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine th
|
28-09-2020 - 12:58 | 12-03-2014 - 05:15 | |
CVE-2012-0001 | 9.3 |
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attack
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2013-0013 | 5.8 |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle atta
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2014-0317 | 5.4 |
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine th
|
28-09-2020 - 12:58 | 12-03-2014 - 05:15 | |
CVE-2012-2549 | 5.8 |
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerab
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
CVE-2012-0001 | 9.3 |
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attack
|
28-09-2020 - 12:58 | 10-01-2012 - 21:55 | |
CVE-2015-0009 | 3.3 |
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and
|
29-10-2019 - 19:15 | 11-02-2015 - 03:00 | |
CVE-2015-6095 | 4.9 |
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physi
|
17-05-2019 - 12:11 | 11-11-2015 - 12:59 | |
CVE-2016-3320 | 4.0 |
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot mana
|
15-05-2019 - 17:37 | 09-08-2016 - 21:59 | |
CVE-2015-1674 | 4.6 |
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discov
|
14-05-2019 - 20:30 | 13-05-2015 - 10:59 | |
CVE-2015-0084 | 2.1 |
The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass inten
|
14-05-2019 - 19:23 | 11-03-2015 - 10:59 | |
CVE-2015-2534 | 1.9 |
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulne
|
14-05-2019 - 18:44 | 09-09-2015 - 00:59 | |
CVE-2014-6318 | 4.3 |
The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log una
|
14-05-2019 - 14:11 | 11-11-2014 - 22:55 | |
CVE-2014-0316 | 7.5 |
Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of servic
|
13-05-2019 - 18:35 | 12-08-2014 - 21:55 | |
CVE-2014-1809 | 6.8 |
The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MS
|
30-10-2018 - 16:27 | 14-05-2014 - 11:13 | |
CVE-2016-7247 | 5.0 |
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secur
|
12-10-2018 - 22:14 | 10-11-2016 - 07:00 | |
CVE-2016-3258 | 1.2 |
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified obje
|
12-10-2018 - 22:12 | 13-07-2016 - 01:59 | |
CVE-2016-3272 | 2.1 |
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted ap
|
12-10-2018 - 22:12 | 13-07-2016 - 01:59 | |
CVE-2016-3287 | 2.1 |
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot S
|
12-10-2018 - 22:12 | 13-07-2016 - 01:59 | |
CVE-2016-0181 | 2.1 |
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Secu
|
12-10-2018 - 22:11 | 11-05-2016 - 01:59 | |
CVE-2016-0132 | 10.0 |
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validatio
|
12-10-2018 - 22:11 | 09-03-2016 - 11:59 | |
CVE-2015-1646 | 4.3 |
Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."
|
12-10-2018 - 22:08 | 14-04-2015 - 20:59 | |
CVE-2015-1684 | 4.3 |
VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass."
|
12-10-2018 - 22:08 | 13-05-2015 - 10:59 | |
CVE-2015-1686 | 4.3 |
The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and
|
12-10-2018 - 22:08 | 13-05-2015 - 10:59 | |
CVE-2014-4078 | 5.1 |
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers
|
12-10-2018 - 22:07 | 11-11-2014 - 22:55 | |
CVE-2014-6362 | 4.3 |
Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability." <a href=
|
12-10-2018 - 22:07 | 11-02-2015 - 02:59 | |
CVE-2014-4075 | 4.3 |
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."
|
12-10-2018 - 22:07 | 15-10-2014 - 10:55 | |
CVE-2015-0001 | 1.9 |
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbit
|
12-10-2018 - 22:07 | 13-01-2015 - 22:59 | |
CVE-2015-0006 | 6.1 |
The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authenticatio
|
12-10-2018 - 22:07 | 13-01-2015 - 22:59 | |
CVE-2014-4062 | 4.3 |
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."
|
12-10-2018 - 22:06 | 12-08-2014 - 21:55 | |
CVE-2013-5057 | 4.3 |
hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet
|
12-10-2018 - 22:05 | 11-12-2013 - 00:55 | |
CVE-2014-0319 | 7.1 |
Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability."
|
12-10-2018 - 22:05 | 12-03-2014 - 05:15 |