CVSS: 10.0EPSS: 80%CPEs: 9EXPL: 0CVE-2015-0014
https://notcve.org/view.php?id=CVE-2015-0014
13 Jan 2015 — Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability." Desbordamiento de buffer en el servicio Telnet en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1... • http://secunia.com/advisories/61580 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 52%CPEs: 5EXPL: 0CVE-2015-0015
https://notcve.org/view.php?id=CVE-2015-0015
13 Jan 2015 — Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability." Microsoft Windows Server 2003 SP2, Server 2008 SP2 y R2 SP1, y Server 2012 Gold y R2 permiten a atacantes remotos causar una denegación de servi... • http://secunia.com/advisories/62148 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 13%CPEs: 11EXPL: 0CVE-2014-6355
https://notcve.org/view.php?id=CVE-2014-6355
11 Dec 2014 — The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability." El componente Graphics en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-085 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 88%CPEs: 9EXPL: 3CVE-2014-6324 – Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-6324
18 Nov 2014 — The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." Kerberos Key Distribution Center (KDC) en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wind... • https://packetstorm.news/files/id/180752 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 19%CPEs: 7EXPL: 0CVE-2014-4077 – Microsoft IME Japanese Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4077
11 Nov 2014 — Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014. Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, y Office 2007 SP3, cuando IMJPDCT.... • http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx •
CVSS: 9.3EPSS: 34%CPEs: 12EXPL: 0CVE-2014-4118
https://notcve.org/view.php?id=CVE-2014-4118
11 Nov 2014 — XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability." XML Core Services (también conocido como MSXML) 3.0 en Microsoft Windows Server 2003 SP2, Windows Vista SP... • http://www.securitytracker.com/id/1031187 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 26%CPEs: 12EXPL: 0CVE-2014-6317
https://notcve.org/view.php?id=CVE-2014-6317
11 Nov 2014 — Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability." Error del indice del array en win32k.sys en los controladores del modo kernel en Microsoft Windows S... • http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx • CWE-129: Improper Validation of Array Index •
CVSS: 10.0EPSS: 92%CPEs: 12EXPL: 3CVE-2014-6321 – HP Security Bulletin HPSBGN03258 1
https://notcve.org/view.php?id=CVE-2014-6321
11 Nov 2014 — Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." Schannel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windo... • http://blog.beyondtrust.com/triggering-ms14-066 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 12EXPL: 31CVE-2014-6332 – Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6332
11 Nov 2014 — OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability." OleAut32.dll en OLE en... • https://packetstorm.news/files/id/129210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 78%CPEs: 11EXPL: 13CVE-2014-4113 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4113
15 Oct 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability." win32k.sys en los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Serv... • https://packetstorm.news/files/id/128861 •