CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 2CVE-2015-2554 – Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111)
https://notcve.org/view.php?id=CVE-2015-2554
14 Oct 2015 — The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability." El kernel en Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'Windows Object Reference Elevation of... • https://packetstorm.news/files/id/134180 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 11%CPEs: 12EXPL: 2CVE-2015-2553 – Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)
https://notcve.org/view.php?id=CVE-2015-2553
14 Oct 2015 — The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles junctions during mountpoint creation, which makes it easier for local users to gain privileges by leveraging certain sandbox access, aka "Windows Mount Point Elevation of Privilege Vulnerability." El kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1... • https://packetstorm.news/files/id/133971 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 48%CPEs: 12EXPL: 0CVE-2015-2515
https://notcve.org/view.php?id=CVE-2015-2515
14 Oct 2015 — Use-after-free vulnerability in Windows Shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted toolbar object, aka "Toolbar Use After Free Vulnerability." Vulnerabilidad de uso después de liberación de memoria en Windows Shell en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8... • http://www.securitytracker.com/id/1033799 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 1%CPEs: 12EXPL: 2CVE-2015-2552 – Microsoft Trusted Boot Security Feature Bypass
https://notcve.org/view.php?id=CVE-2015-2552
14 Oct 2015 — The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability." El kernel en Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold y R2,... • https://packetstorm.news/files/id/133962 • CWE-254: 7PK - Security Features •
CVSS: 7.3EPSS: 7%CPEs: 12EXPL: 2CVE-2015-2507 – Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
https://notcve.org/view.php?id=CVE-2015-2507
09 Sep 2015 — The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512. Vulnerabilidad en Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows ... • https://packetstorm.news/files/id/133665 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 28%CPEs: 11EXPL: 0CVE-2015-2513
https://notcve.org/view.php?id=CVE-2015-2513
09 Sep 2015 — Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2514 and CVE-2015-2530. Vulnerabilidad en Windows Journal en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.... • http://www.securitytracker.com/id/1033484 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 15%CPEs: 7EXPL: 2CVE-2015-2527 – Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)
https://notcve.org/view.php?id=CVE-2015-2527
09 Sep 2015 — The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." Vulnerabilidad en la implementación process-initialization en win32k.sys en los controladores kernel-mode en Microsoft Windows 8, Windows 8.1, Wind... • https://packetstorm.news/files/id/133607 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 28%CPEs: 11EXPL: 0CVE-2015-2519
https://notcve.org/view.php?id=CVE-2015-2519
09 Sep 2015 — Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability." Vulnerabilidad de desbordamiento de entero en Windows Journal en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8... • http://www.securitytracker.com/id/1033484 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2015-2529
https://notcve.org/view.php?id=CVE-2015-2529
09 Sep 2015 — The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." Vulnerabilidad en el kernel en Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 y Windows 10, permite a usuarios locales eludir el mecanismo de protección ASLR a través de una aplicación manipulada, también conocida como 'Kernel ASLR Bypass Vulnerability.' • http://www.securityfocus.com/bid/76602 • CWE-254: 7PK - Security Features •
CVSS: 7.2EPSS: 35%CPEs: 12EXPL: 2CVE-2015-2525 – Microsoft Windows Task Scheduler - 'DeleteExpiredTaskAfter' File Deletion Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2525
09 Sep 2015 — Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka "Windows Task File Deletion Elevation of Privilege Vulnerability." Vulnerabilidad en el Task Scheduler en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Wind... • https://packetstorm.news/files/id/133606 • CWE-264: Permissions, Privileges, and Access Controls •