Filtered by vendor Microsoft
Subscribe
Total
19161 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0055 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2015-0010 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2023-12-10 | 1.9 LOW | N/A |
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707. | |||||
CVE-2014-0553 | 7 Adobe, Apple, Google and 4 more | 9 Adobe Air, Adobe Air Sdk, Flash Player and 6 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2014-4060 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability." | |||||
CVE-2014-0581 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441. | |||||
CVE-2015-0075 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege Vulnerability." | |||||
CVE-2014-2810 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, and CVE-2014-4057. | |||||
CVE-2014-2796 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067. | |||||
CVE-2014-0542 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. | |||||
CVE-2014-6369 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2014-5333 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. | |||||
CVE-2014-1762 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014. | |||||
CVE-2014-0559 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556. | |||||
CVE-2014-0565 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566. | |||||
CVE-2014-0521 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document. | |||||
CVE-2014-6323 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." | |||||
CVE-2014-6342 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348. | |||||
CVE-2014-2398 | 5 Canonical, Debian, Ibm and 2 more | 8 Ubuntu Linux, Debian Linux, Forms Viewer and 5 more | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | |||||
CVE-2014-0582 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0589. | |||||
CVE-2014-0506 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. |