Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 10 1511
Subscriptions
Total
37 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-0022 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 8 more | 2024-11-21 | 6.5 Medium |
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability." | ||||
CVE-2017-0005 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2024-11-21 | 7.8 High |
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047. | ||||
CVE-2017-0001 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2024-11-21 | 7.8 High |
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047. | ||||
CVE-2016-7256 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2024-11-21 | 8.8 High |
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability." | ||||
CVE-2016-7255 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2024-11-21 | 7.8 High |
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
CVE-2016-7201 | 1 Microsoft | 5 Edge, Windows 10 1507, Windows 10 1511 and 2 more | 2024-11-21 | 8.8 High |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
CVE-2016-7200 | 1 Microsoft | 5 Edge, Windows 10 1507, Windows 10 1511 and 2 more | 2024-11-21 | 8.8 High |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
CVE-2016-3393 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 6 more | 2024-11-21 | 7.8 High |
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability." | ||||
CVE-2016-3351 | 1 Microsoft | 11 Edge, Internet Explorer, Windows 10 1507 and 8 more | 2024-11-21 | 6.5 Medium |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | ||||
CVE-2016-3309 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 6 more | 2024-11-21 | 7.8 High |
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311. | ||||
CVE-2016-3298 | 1 Microsoft | 10 Internet Explorer, Windows 10 1507, Windows 10 1511 and 7 more | 2024-11-21 | 6.5 Medium |
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
CVE-2016-0189 | 1 Microsoft | 11 Internet Explorer, Jscript, Vbscript and 8 more | 2024-11-21 | 7.5 High |
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. | ||||
CVE-2016-0167 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1511, Windows 7 and 5 more | 2024-11-21 | 7.8 High |
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165. | ||||
CVE-2016-0162 | 1 Microsoft | 9 Internet Explorer, Windows 10 1507, Windows 10 1511 and 6 more | 2024-11-21 | 4.3 Medium |
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
CVE-2016-0151 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1511, Windows 8.1 and 2 more | 2024-11-21 | 7.8 High |
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability." | ||||
CVE-2016-0099 | 1 Microsoft | 7 Windows 10 1507, Windows 10 1511, Windows 7 and 4 more | 2024-11-21 | 7.8 High |
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." | ||||
CVE-2024-7553 | 2 Microsoft, Mongodb | 24 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 21 more | 2024-09-19 | 7.3 High |
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue |