CVSS: 8.8EPSS: 6%CPEs: 13EXPL: 0CVE-2015-2360 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-2360
10 Jun 2015 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2 y R2 SP2, Windows... • http://www.securityfocus.com/bid/75025 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.3EPSS: 76%CPEs: 25EXPL: 0CVE-2015-1671 – Microsoft Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1671
13 May 2015 — The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." La librería DirectWrite de Windows, utilizada en Microsoft... • http://www.securityfocus.com/bid/74490 •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2015-1702
https://notcve.org/view.php?id=CVE-2015-1702
13 May 2015 — The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability." Service Control Manager (SCM) en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows S... • http://www.securityfocus.com/bid/74492 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 17%CPEs: 12EXPL: 0CVE-2015-1716
https://notcve.org/view.php?id=CVE-2015-1716
13 May 2015 — Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability." Schannel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Window... • http://www.securityfocus.com/bid/74489 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 5%CPEs: 12EXPL: 1CVE-2015-1676 – Microsoft Windows NtUserGetTitleBarInfo Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1676
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 5%CPEs: 12EXPL: 1CVE-2015-1677 – Microsoft Windows NtUserGetScrollBarInfo Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1677
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 5%CPEs: 12EXPL: 1CVE-2015-1678 – Microsoft Windows NtUserGetComboBoxInfo Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1678
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 6%CPEs: 12EXPL: 1CVE-2015-1679 – Microsoft Windows NtUserGetMessage Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1679
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 5%CPEs: 12EXPL: 1CVE-2015-1680 – Microsoft Windows NtUserRealInternalGetMessage Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1680
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2015-1643
https://notcve.org/view.php?id=CVE-2015-1643
14 Apr 2015 — Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability." Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server ... • http://www.securitytracker.com/id/1032113 • CWE-264: Permissions, Privileges, and Access Controls •