CVE-2019-0708

Known exploited
Public exploit
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Max CVSS
10.0
EPSS Score
97.53%
Published
2019-05-16
Updated
2021-06-03
CISA KEV Added
2021-11-03

CVE-2017-0199

Known exploited
Public exploit
Used for ransomware
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Max CVSS
9.3
EPSS Score
97.43%
Published
2017-04-12
Updated
2019-10-03
CISA KEV Added
2021-11-03

CVE-2016-3236

Public exploit
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."
Max CVSS
10.0
EPSS Score
92.83%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-3225

Public exploit
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
1.09%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-3213

Public exploit
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
Max CVSS
9.3
EPSS Score
92.12%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-0100

Public exploit
Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."
Max CVSS
8.4
EPSS Score
5.76%
Published
2016-03-09
Updated
2018-10-12

CVE-2016-0099

Known exploited
Public exploit
Used for ransomware
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-03-09
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2016-0051

Public exploit
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-02-10
Updated
2018-10-12

CVE-2016-0041

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Max CVSS
7.8
EPSS Score
91.05%
Published
2016-02-10
Updated
2018-10-12

CVE-2016-0040

Known exploited
Public exploit
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-02-10
Updated
2018-10-12
CISA KEV Added
2022-03-28

CVE-2015-6132

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Max CVSS
7.2
EPSS Score
96.25%
Published
2015-12-09
Updated
2019-05-15

CVE-2015-6128

Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Max CVSS
7.2
EPSS Score
75.87%
Published
2015-12-09
Updated
2018-10-12

CVE-2015-6127

Public exploit
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."
Max CVSS
4.3
EPSS Score
85.69%
Published
2015-12-09
Updated
2019-05-15

CVE-2015-2509

Public exploit
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
Max CVSS
9.3
EPSS Score
97.35%
Published
2015-09-09
Updated
2019-05-15

CVE-2015-2433

Public exploit
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability."
Max CVSS
2.1
EPSS Score
0.06%
Published
2015-08-15
Updated
2019-05-15

CVE-2015-2426

Known exploited
Public exploit
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."
Max CVSS
9.3
EPSS Score
97.38%
Published
2015-07-20
Updated
2019-05-15
CISA KEV Added
2022-03-28

CVE-2015-1701

Known exploited
Public exploit
Used for ransomware
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
Max CVSS
7.2
EPSS Score
0.53%
Published
2015-04-21
Updated
2020-05-14
CISA KEV Added
2022-03-03

CVE-2015-0096

Public exploit
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
97.32%
Published
2015-03-11
Updated
2019-05-14

CVE-2015-0016

Known exploited
Public exploit
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
Max CVSS
9.3
EPSS Score
26.60%
Published
2015-01-13
Updated
2018-10-12
CISA KEV Added
2022-05-25

CVE-2014-6352

Known exploited
Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
Max CVSS
9.3
EPSS Score
96.88%
Published
2014-10-22
Updated
2018-10-12
CISA KEV Added
2022-02-25

CVE-2014-6332

Known exploited
Public exploit
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
97.39%
Published
2014-11-11
Updated
2019-05-15
CISA KEV Added
2022-03-25

CVE-2014-6324

Known exploited
Public exploit
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
Max CVSS
9.0
EPSS Score
97.23%
Published
2014-11-18
Updated
2019-02-26
CISA KEV Added
2022-03-25

CVE-2014-4114

Known exploited
Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
96.96%
Published
2014-10-15
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2014-4113

Known exploited
Public exploit
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
Max CVSS
7.2
EPSS Score
2.28%
Published
2014-10-15
Updated
2019-02-26
CISA KEV Added
2022-05-04

CVE-2014-1812

Known exploited
Public exploit
The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."
Max CVSS
9.0
EPSS Score
0.37%
Published
2014-05-14
Updated
2019-05-13
CISA KEV Added
2021-11-03
832 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!