CVSS: 9.3EPSS: 41%CPEs: 10EXPL: 2CVE-2016-0121 – Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
https://notcve.org/view.php?id=CVE-2016-0121
09 Mar 2016 — The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Wind... • https://packetstorm.news/files/id/136267 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 3CVE-2015-7865 – Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation
https://notcve.org/view.php?id=CVE-2015-7865
24 Nov 2015 — nvSCPAPISvr.exe en el Stereoscopic 3D Driver Service en el controlador de gráficos NVIDIA GPU R340 en versiones anteriores a 341.92, R352 en versiones anteriores a 354.35 y R358 en versiones anteriores a 358.87 en Windows no restringe adecuadamente el acceso a la tubería llamada stereosvrpipe, lo que permite a usuarios locales obtener privilegios a través de una línea de comandos en un comando número 2, que se almacena enla clave de registro HKEY_LOCAL_MACHINE explorer Run, una vulnerabilidad ... • http://packetstormsecurity.com/files/134520/NVIDIA-Stereoscopic-3D-Driver-Service-Arbitrary-Run-Key-Creation.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 2CVE-2015-6098 – Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!
https://notcve.org/view.php?id=CVE-2015-6098
11 Nov 2015 — Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS Elevation of Privilege Vulnerability." Desbordamiento de buffer en la implementación de Network Driver Interface Standard (NDIS) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y WindowsWindows-Ndis.sys-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 3%CPEs: 13EXPL: 2CVE-2015-6102 – Microsoft Windows - Cursor Object Memory Leak (MS15-115)
https://notcve.org/view.php?id=CVE-2015-6102
11 Nov 2015 — The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." El kernel en Microsoft Windows<... • http://packetstormsecurity.com/files/134519/Microsoft-Windows-Cursor-Object-Potential-Memory-Leak.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 56%CPEs: 13EXPL: 3CVE-2015-6103 – Microsoft Windows Kernel - 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
https://notcve.org/view.php?id=CVE-2015-6103
11 Nov 2015 — The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104. Adobe Type Manager Library en Mi... • http://packetstormsecurity.com/files/134397/Microsoft-Windows-Kernel-Win32k.sys-TTF-Font-Processing-Buffer-Overflow.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 56%CPEs: 13EXPL: 3CVE-2015-6104 – Microsoft Windows Kernel - 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
https://notcve.org/view.php?id=CVE-2015-6104
11 Nov 2015 — The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103. Adobe Type Manager Library en Mi... • http://packetstormsecurity.com/files/134398/Microsoft-Windows-Kernel-Win32k.sys-TTF-Font-Processing-Buffer-Overflow.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2015-7359 – Truecrypt 7 Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-7359
06 Oct 2015 — The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. Los métodos (1) IsVolumeAccessibleByCurrentUser y (2) MountDevice en Ntdriver.c en TrueCrypt 7.0; VeraCrypt, en versiones anteriores a la 1.15; y C... • https://packetstorm.news/files/id/133877 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 2CVE-2015-7358 – TrueCrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-7358
05 Oct 2015 — The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? ... El método IsDriveLetterAvailable en Driver/Ntdriver.c en TrueCrypt 7.0, Veracrypt en versiones anteriores a la 1.15 y CipherShed, cuando se ejecuta en Window... • http://packetstormsecurity.com/files/133878/Truecrypt-7-Derived-Code-Windows-Drive-Letter-Symbolic-Link-Creation-Privilege-Escalation.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 35%CPEs: 12EXPL: 1CVE-2015-2546 – Microsoft Win32k Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-2546
09 Sep 2015 — Vulnerabilidad en el controlador kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10, permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Win32k Memory Corruption Elevation of Privilege Vulnerability,' una vulnerabilidad diferente a CVE-2015-2511, CVE-2015-2517 y CVE-... • https://github.com/k0keoyo/CVE-2015-2546-Exploit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 3%CPEs: 12EXPL: 2CVE-2015-2507 – Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
https://notcve.org/view.php?id=CVE-2015-2507
09 Sep 2015 — The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512. Vulnerabilidad en Adobe Type Manager Library en Microsoft Windows