|
|
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-2423 |
200 |
|
+Priv +Info |
2015-08-15 |
2019-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability." |
|
2 |
CVE-2015-2433 |
200 |
|
Bypass +Info |
2015-08-15 |
2019-05-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." |
|
3 |
CVE-2015-2453 |
200 |
|
+Info |
2015-08-15 |
2019-05-15 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka "Windows CSRSS Elevation of Privilege Vulnerability." |
|
4 |
CVE-2015-2465 |
264 |
|
+Priv Bypass |
2015-08-15 |
2019-05-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Shell Security Feature Bypass Vulnerability." |
|
5 |
CVE-2015-2472 |
20 |
|
|
2015-08-15 |
2019-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka "Remote Desktop Session Host Spoofing Vulnerability." |
|
6 |
CVE-2015-2511 |
119 |
|
Overflow +Priv Mem. Corr. |
2015-09-09 |
2019-05-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2517, CVE-2015-2518, and CVE-2015-2546. |
|
7 |
CVE-2015-2516 |
20 |
|
DoS |
2015-09-09 |
2019-05-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka "Windows Journal DoS Vulnerability." |
|
8 |
CVE-2015-2517 |
264 |
|
+Priv Mem. Corr. |
2015-09-09 |
2019-05-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546. |
|
9 |
CVE-2015-2518 |
264 |
|
+Priv Mem. Corr. |
2015-09-09 |
2019-05-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2546. |
|
10 |
CVE-2015-2529 |
254 |
|
Bypass |
2015-09-09 |
2019-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." |
|
11 |
CVE-2015-2534 |
284 |
|
Bypass |
2015-09-09 |
2019-05-14 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability." |
|
12 |
CVE-2015-2546 |
119 |
|
Overflow +Priv Mem. Corr. |
2015-09-09 |
2019-05-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518. |
|
13 |
CVE-2015-6095 |
255 |
|
Bypass |
2015-11-11 |
2019-05-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
|
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass." |
|
14 |
CVE-2015-6100 |
264 |
|
+Priv |
2015-11-11 |
2019-05-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101. |
|
15 |
CVE-2015-6101 |
264 |
|
+Priv |
2015-11-11 |
2019-05-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100. |
|
16 |
CVE-2015-6102 |
200 |
|
Bypass +Info |
2015-11-11 |
2019-05-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." |
|
17 |
CVE-2015-6109 |
200 |
|
Bypass +Info |
2015-11-11 |
2019-05-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." |
|
18 |
CVE-2015-6111 |
399 |
|
DoS |
2015-11-11 |
2019-05-15 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles encryption negotiation, which allows remote authenticated users to cause a denial of service (system hang) via crafted IP traffic, aka "Windows IPSec Denial of Service Vulnerability." |
|
19 |
CVE-2015-6113 |
254 |
|
Bypass |
2015-11-11 |
2019-05-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka "Windows Kernel Security Feature Bypass Vulnerability." |
|
20 |
CVE-2016-0006 |
264 |
|
+Priv |
2016-01-13 |
2019-05-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007. |
|
21 |
CVE-2016-0007 |
264 |
|
+Priv |
2016-01-13 |
2019-05-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006. |
|
22 |
CVE-2016-0018 |
426 |
|
Exec Code +Priv |
2016-01-13 |
2019-05-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." |
|
23 |
CVE-2016-0049 |
255 |
|
Bypass |
2016-02-10 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass." |
|
24 |
CVE-2016-0070 |
200 |
|
+Priv +Info |
2016-10-14 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability." |
|
25 |
CVE-2016-0073 |
200 |
|
+Priv +Info |
2016-10-14 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075. |
|
26 |
CVE-2016-0075 |
200 |
|
+Priv +Info |
2016-10-14 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073. |
|
27 |
CVE-2016-0079 |
200 |
|
+Priv +Info |
2016-10-14 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability." |
|
28 |
CVE-2016-0089 |
200 |
|
+Info |
2016-04-12 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." |
|
29 |
CVE-2016-0090 |
200 |
|
+Info |
2016-04-12 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." |
|
30 |
CVE-2016-0091 |
20 |
|
Exec Code |
2016-03-09 |
2018-10-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092. |
|
31 |
CVE-2016-0128 |
254 |
|
|
2016-04-12 |
2019-09-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK." |
|
32 |
CVE-2016-0168 |
200 |
|
+Info |
2016-05-11 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169. |
|
33 |
CVE-2016-0169 |
200 |
|
+Info |
2016-05-11 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168. |
|
34 |
CVE-2016-0175 |
200 |
|
Bypass +Info |
2016-05-11 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability." |
|
35 |
CVE-2016-0181 |
254 |
|
Bypass |
2016-05-11 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass." |
|
36 |
CVE-2016-3201 |
200 |
|
+Info |
2016-06-16 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215. |
|
37 |
CVE-2016-3209 |
200 |
|
Bypass +Info |
2016-10-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." |
|
38 |
CVE-2016-3215 |
200 |
|
+Info |
2016-06-16 |
2019-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201. |
|
39 |
CVE-2016-3216 |
200 |
|
Bypass +Info |
2016-06-16 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability." |
|
40 |
CVE-2016-3218 |
264 |
|
+Priv |
2016-06-16 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221. |
|
41 |
CVE-2016-3219 |
264 |
|
+Priv |
2016-06-16 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." |
|
42 |
CVE-2016-3220 |
264 |
|
+Priv |
2016-06-16 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability." |
|
43 |
CVE-2016-3221 |
264 |
|
+Priv |
2016-06-16 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218. |
|
44 |
CVE-2016-3225 |
264 |
|
+Priv |
2016-06-16 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability." |
|
45 |
CVE-2016-3230 |
20 |
|
DoS |
2016-06-16 |
2018-10-12 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability." |
|
46 |
CVE-2016-3237 |
264 |
|
Bypass |
2016-08-09 |
2019-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka "Kerberos Security Feature Bypass Vulnerability." |
|
47 |
CVE-2016-3251 |
200 |
|
+Info |
2016-07-13 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability." |
|
48 |
CVE-2016-3256 |
200 |
|
Bypass +Info |
2016-07-13 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability." |
|
49 |
CVE-2016-3258 |
264 |
|
Bypass |
2016-07-13 |
2018-10-12 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass." |
|
50 |
CVE-2016-3262 |
200 |
|
Bypass +Info |
2016-10-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263. |
|
|
