Total
546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3327 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." | |||||
| CVE-2011-1260 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." | |||||
| CVE-2013-5065 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-11 | 7.2 HIGH | 7.8 HIGH |
| NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. | |||||
| CVE-2012-1866 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability." | |||||
| CVE-2010-0485 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | 6.8 MEDIUM | 7.8 HIGH |
| The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability." | |||||
| CVE-2011-1231 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | 8.4 HIGH |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | |||||
| CVE-2013-0931 | 2 Microsoft, Rsa | 3 Windows 2003 Server, Windows Xp, Authentication Agent For Windows | 2025-04-11 | 5.4 MEDIUM | N/A |
| EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. | |||||
| CVE-2011-1268 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 10.0 HIGH | N/A |
| The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability." | |||||
| CVE-2012-6533 | 2 Microsoft, Symantec | 4 Windows 2003 Server, Windows Xp, Encryption Desktop and 1 more | 2025-04-11 | 4.4 MEDIUM | N/A |
| Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. | |||||
| CVE-2010-3957 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 6.9 MEDIUM | 7.3 HIGH |
| Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability." | |||||
| CVE-2012-1882 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability." | |||||
| CVE-2010-2743 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889. | |||||
| CVE-2010-0811 | 1 Microsoft | 5 Windows 2003 Server, Windows 7, Windows Server 2008 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." | |||||
| CVE-2011-1977 | 1 Microsoft | 8 .net Framework, Chart Control For Microsoft .net Framework, Windows 2003 Server and 5 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability." | |||||
| CVE-2010-0235 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more | 2025-04-11 | 4.7 MEDIUM | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." | |||||
| CVE-2011-1885 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability." | |||||
| CVE-2010-0483 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-11 | 7.6 HIGH | N/A |
| vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." | |||||
| CVE-2012-1877 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability." | |||||
| CVE-2011-0672 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | |||||
| CVE-2010-1735 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Server 2003 and 1 more | 2025-04-11 | 4.9 MEDIUM | N/A |
| The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. | |||||