CVSS: 5.5EPSS: 2%CPEs: 12EXPL: 1CVE-2015-0060 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0060
11 Feb 2015 — The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." El mapeador de fuentes en win32k.sys en los controladores del modo de kernel ... • https://www.exploit-db.com/exploits/37098 • CWE-19: Data Processing Errors •
CVSS: 5.5EPSS: 22%CPEs: 12EXPL: 0CVE-2015-0061
https://notcve.org/view.php?id=CVE-2015-0061
11 Feb 2015 — Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability." Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, ... • http://www.securityfocus.com/bid/72456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 1%CPEs: 12EXPL: 2CVE-2015-0010 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0010
11 Feb 2015 — The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1)... • https://www.exploit-db.com/exploits/37098 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 11%CPEs: 12EXPL: 2CVE-2015-0008 – Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
https://notcve.org/view.php?id=CVE-2015-0008
11 Feb 2015 — The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." L... • https://packetstorm.news/files/id/155002 • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 1%CPEs: 12EXPL: 3CVE-2015-0009 – Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
https://notcve.org/view.php?id=CVE-2015-0009
11 Feb 2015 — The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." La implenetación de la política de Group Policy Sec... • https://packetstorm.news/files/id/155007 • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 81%CPEs: 12EXPL: 5CVE-2015-0057 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0057
11 Feb 2015 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows ... • https://packetstorm.news/files/id/135028 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 26%CPEs: 12EXPL: 1CVE-2015-0003 – Microsoft Windows WM_SYSTIMER Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-0003
10 Feb 2015 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores del modo kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wind... • https://www.exploit-db.com/exploits/37098 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 80%CPEs: 9EXPL: 0CVE-2015-0014
https://notcve.org/view.php?id=CVE-2015-0014
13 Jan 2015 — Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability." Desbordamiento de buffer en el servicio Telnet en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1... • http://secunia.com/advisories/61580 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 20%CPEs: 11EXPL: 3CVE-2015-0004 – Microsoft Windows < 8.1 (x86/x64) - User Profile Service Privilege Escalation (MS15-003)
https://notcve.org/view.php?id=CVE-2015-0004
13 Jan 2015 — The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability." User Profile Service (también conocido como ProfSvc) en Microsoft W... • https://packetstorm.news/files/id/139200 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 38%CPEs: 5EXPL: 0CVE-2015-0015
https://notcve.org/view.php?id=CVE-2015-0015
13 Jan 2015 — Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability." Microsoft Windows Server 2003 SP2, Server 2008 SP2 y R2 SP1, y Server 2012 Gold y R2 permiten a atacantes remotos causar una denegación de servi... • http://secunia.com/advisories/62148 • CWE-399: Resource Management Errors •