Total
649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7269 | 1 Microsoft | 2 Internet Information Server, Windows Server 2003 | 2024-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | |||||
| CVE-2014-1776 | 1 Microsoft | 11 Internet Explorer, Windows 7, Windows 8 and 8 more | 2024-07-24 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." | |||||
| CVE-2012-4792 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-07-24 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. | |||||
| CVE-2013-2251 | 5 Apache, Fujitsu, Microsoft and 2 more | 21 Archiva, Struts, Gp-s and 18 more | 2024-07-16 | 9.3 HIGH | 9.8 CRITICAL |
| Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | |||||
| CVE-2014-6324 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2024-07-16 | 9.0 HIGH | 8.8 HIGH |
| The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." | |||||
| CVE-2009-1123 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-07-16 | 7.2 HIGH | 7.8 HIGH |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." | |||||
| CVE-2013-1347 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-07-16 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. | |||||
| CVE-2013-3897 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2024-07-16 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
| CVE-2015-2387 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-07-16 | 7.2 HIGH | 7.8 HIGH |
| ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability." | |||||
| CVE-2013-3660 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2024-07-09 | 6.9 MEDIUM | 7.8 HIGH |
| The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability." | |||||
| CVE-2010-4398 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-07-09 | 7.2 HIGH | 7.8 HIGH |
| Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." | |||||
| CVE-2011-2005 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-07-09 | 7.2 HIGH | 7.8 HIGH |
| afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2013-2551 | 1 Microsoft | 9 Internet Explorer, Windows 7, Windows 8 and 6 more | 2024-07-09 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. | |||||
| CVE-2014-4113 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-07-02 | 7.2 HIGH | 7.8 HIGH |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability." | |||||
| CVE-2014-2817 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2024-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
| CVE-2014-4077 | 1 Microsoft | 5 Office 2007 Ime, Windows 7, Windows Server 2003 and 2 more | 2024-06-28 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014. | |||||
| CVE-2015-1671 | 1 Microsoft | 11 .net Framework, Live Meeting, Lync and 8 more | 2024-06-28 | 9.3 HIGH | 7.8 HIGH |
| The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | |||||
| CVE-2014-4123 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2024-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. | |||||
| CVE-2014-4148 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-06-28 | 9.3 HIGH | 8.8 HIGH |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | |||||
| CVE-2012-1889 | 1 Microsoft | 15 Expression Web, Groove, Groove Server and 12 more | 2024-06-28 | 9.3 HIGH | 8.8 HIGH |
| Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||