CVSS: 7.8EPSS: 52%CPEs: 5EXPL: 0CVE-2015-0015
https://notcve.org/view.php?id=CVE-2015-0015
13 Jan 2015 — Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability." Microsoft Windows Server 2003 SP2, Server 2008 SP2 y R2 SP1, y Server 2012 Gold y R2 permiten a atacantes remotos causar una denegación de servi... • http://secunia.com/advisories/62148 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2014-7286 – Symantec Altiris Agent 6.9 (Build 648) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-7286
22 Dec 2014 — Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. Desbordamiento de buffer en AClient en Symantec Deployment Solution 6.9 y anteriores en Windows XP y Server 2003 permite a usuarios locales obtener privilegios a través de vectores sin especificar. • https://www.exploit-db.com/exploits/35964 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 13%CPEs: 11EXPL: 0CVE-2014-6355
https://notcve.org/view.php?id=CVE-2014-6355
11 Dec 2014 — The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability." El componente Graphics en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-085 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 88%CPEs: 9EXPL: 3CVE-2014-6324 – Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-6324
18 Nov 2014 — The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." Kerberos Key Distribution Center (KDC) en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wind... • https://packetstorm.news/files/id/180752 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 19%CPEs: 7EXPL: 0CVE-2014-4077 – Microsoft IME Japanese Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4077
11 Nov 2014 — Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014. Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, y Office 2007 SP3, cuando IMJPDCT.... • http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx •
CVSS: 9.3EPSS: 34%CPEs: 12EXPL: 0CVE-2014-4118
https://notcve.org/view.php?id=CVE-2014-4118
11 Nov 2014 — XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability." XML Core Services (también conocido como MSXML) 3.0 en Microsoft Windows Server 2003 SP2, Windows Vista SP... • http://www.securitytracker.com/id/1031187 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 26%CPEs: 12EXPL: 0CVE-2014-6317
https://notcve.org/view.php?id=CVE-2014-6317
11 Nov 2014 — Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability." Error del indice del array en win32k.sys en los controladores del modo kernel en Microsoft Windows S... • http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 50%CPEs: 3EXPL: 6CVE-2014-4076 – Microsoft Windows Server 2003 SP2 - Local Privilege Escalation (MS14-070)
https://notcve.org/view.php?id=CVE-2014-4076
11 Nov 2014 — Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." Microsoft Windows Server 2003 SP2 permite a usuarios locales ganar privilegios a través de una llamada IOCTL manipulada a (1) tcpip.sys o (2) tcpip6.sys, también conocido como 'vulnerabilidad de elevación de privilegios de TCP/IP.' A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys, can allow an attacker to ... • https://packetstorm.news/files/id/130257 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 93%CPEs: 12EXPL: 31CVE-2014-6332 – Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6332
11 Nov 2014 — OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability." OleAut32.dll en OLE en... • https://packetstorm.news/files/id/129210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 93%CPEs: 12EXPL: 3CVE-2014-6321 – HP Security Bulletin HPSBGN03258 1
https://notcve.org/view.php?id=CVE-2014-6321
11 Nov 2014 — Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." Schannel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windo... • http://blog.beyondtrust.com/triggering-ms14-066 • CWE-94: Improper Control of Generation of Code ('Code Injection') •