Total
247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4148 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | |||||
| CVE-2015-2518 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 6.9 MEDIUM | N/A |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2546. | |||||
| CVE-2015-2387 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability." | |||||
| CVE-2015-0090 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093. | |||||
| CVE-2015-6108 | 1 Microsoft | 16 .net Framework, Live Meeting, Lync and 13 more | 2025-04-12 | 9.3 HIGH | N/A |
| The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." | |||||
| CVE-2015-0016 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability." | |||||
| CVE-2016-0014 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability." | |||||
| CVE-2014-4074 | 1 Microsoft | 5 Windows 8, Windows 8.1, Windows Rt and 2 more | 2025-04-12 | 7.2 HIGH | N/A |
| The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability." | |||||
| CVE-2014-0300 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2025-04-12 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2015-2454 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows KMD Security Feature Bypass Vulnerability." | |||||
| CVE-2015-2459 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461. | |||||
| CVE-2014-0316 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2025-04-12 | 7.5 HIGH | N/A |
| Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (memory consumption) and bypass the ASLR protection mechanism via a crafted client that sends messages with an invalid data view, aka "LRPC ASLR Bypass Vulnerability." | |||||
| CVE-2015-1675 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. | |||||
| CVE-2016-0006 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 6.9 MEDIUM | 7.3 HIGH |
| The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007. | |||||
| CVE-2015-0311 | 5 Adobe, Apple, Linux and 2 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | |||||
| CVE-2015-6113 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka "Windows Kernel Security Feature Bypass Vulnerability." | |||||
| CVE-2015-0004 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability." | |||||
| CVE-2015-0059 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2025-04-12 | 6.9 MEDIUM | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | |||||
| CVE-2015-1679 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680. | |||||
| CVE-2015-1716 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability." | |||||