Page 400 of 2398 results (0.010 seconds)

CVSS: 9.3EPSS: 53%CPEs: 8EXPL: 0

CVE-2016-7217

https://notcve.org/view.php?id=CVE-2016-7217

Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Media Foundation Memory Corruption Vulnerability." Media Foundation en Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Media Foundation Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/94066 http://www.securitytracker.com/id/1037243 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0

CVE-2016-7218

https://notcve.org/view.php?id=CVE-2016-7218

Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability." Bowser.sys en los controladores kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a usuarios locales obtener información sensible a través de una aplicación manipulada, vulnerabilidad también conocida como "Windows Bowser.sys Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94004 http://www.securitytracker.com/id/1037251 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 6

CVE-2016-7255 – Microsoft Win32k Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2016-7255

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." Los controladores kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Win32k Elevation of Privilege Vulnerability". The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135. Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. • https://www.exploit-db.com/exploits/40745 https://www.exploit-db.com/exploits/41015 https://www.exploit-db.com/exploits/40823 https://github.com/FSecureLABS/CVE-2016-7255 https://github.com/heh3/CVE-2016-7255 https://github.com/homjxi0e/CVE-2016-7255 http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html http:/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1

CVE-2016-7224 – Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)

https://notcve.org/view.php?id=CVE-2016-7224

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." Virtual Hard Disk Driver en Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 no restringe adecuadamente el acceso a archivos, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "VHD Driver Elevation of Privilege Vulnerability". The VHDMP driver does not open physical disk drives securely when creating a new VHD leading to information disclosure and elevation of privilege by allowing a user to access data they should not have access to. • https://www.exploit-db.com/exploits/40765 http://www.securityfocus.com/bid/94017 http://www.securitytracker.com/id/1037248 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138 • CWE-284: Improper Access Control •

CVSS: 6.8EPSS: 90%CPEs: 12EXPL: 1

CVE-2016-7237 – Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)

https://notcve.org/view.php?id=CVE-2016-7237

Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." Local Security Authority Subsystem Service (LSASS) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a usuarios remotos autenticados provocar una denegación de servicio (colgado de sistema) a través de una petición manipulada, vulnerabilidad también conocida como "Local Security Authority Subsystem Service Denial of Service Vulnerability". • https://www.exploit-db.com/exploits/40744 http://www.securityfocus.com/bid/94040 http://www.securitytracker.com/id/1037249 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-137 • CWE-284: Improper Access Control •