CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-34484	High	2.4%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Mar 31, 2022	KEV
CVE-2015-2426	High	91.8%	MicrosoftWindows	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.	Mar 28, 2022	KEV
CVE-2010-4398	High	6.4%	MicrosoftWindows	Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.	Mar 28, 2022	KEV
CVE-2013-2551	High	90.8%	MicrosoftInternet Explorer	Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.	Mar 28, 2022	KEV
CVE-2015-2419	High	71.7%	MicrosoftInternet Explorer	JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.	Mar 28, 2022	KEV
CVE-2015-1770	High	78.2%	MicrosoftOffice	Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.	Mar 28, 2022	KEV
CVE-2012-2539	High	84.4%	MicrosoftWord	Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.	Mar 28, 2022	KEV
CVE-2013-3660	High	69.2%	MicrosoftWin32k	The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.	Mar 28, 2022	KEV
CVE-2016-0189	High	92.1%	MicrosoftInternet Explorer	The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.	Mar 28, 2022	KEV
CVE-2021-34486	High	34.7%	MicrosoftWindows	Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.	Mar 28, 2022	KEV
CVE-2016-7201	High	90.1%	MicrosoftEdge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.	Mar 28, 2022	KEV
CVE-2016-7200	High	89.2%	MicrosoftEdge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.	Mar 28, 2022	KEV
CVE-2018-8406	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV
CVE-2016-0151	High	44.1%	MicrosoftClient-Server Run-time Subsystem (CSRSS)	The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2021-38646	High	42.7%	MicrosoftOffice	Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.	Mar 28, 2022	KEV
CVE-2017-0037	High	90.8%	MicrosoftEdge and Internet Explorer	Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.	Mar 28, 2022	KEV
CVE-2018-8405	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV
CVE-2016-0040	High	78.9%	MicrosoftWindows	The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2017-0213	High	92.7%	MicrosoftWindows	Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.	Mar 28, 2022	KEV
CVE-2017-0059	High	85.0%	MicrosoftInternet Explorer	Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.	Mar 28, 2022	KEV

CVE-2021-34484KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 2.4%

CVE-2015-2426KEV

High

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

MicrosoftEPSS 91.8%

CVE-2010-4398KEV

High

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

MicrosoftEPSS 6.4%

CVE-2013-2551KEV

High

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

MicrosoftEPSS 90.8%

CVE-2015-2419KEV

High

JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

MicrosoftEPSS 71.7%

CVE-2015-1770KEV

High

Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

MicrosoftEPSS 78.2%

CVE-2012-2539KEV

High

Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.

MicrosoftEPSS 84.4%

CVE-2013-3660KEV

High

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

MicrosoftEPSS 69.2%

CVE-2016-0189KEV

High

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

MicrosoftEPSS 92.1%

CVE-2021-34486KEV

High

Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

MicrosoftEPSS 34.7%

CVE-2016-7201KEV

High

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

MicrosoftEPSS 90.1%

CVE-2016-7200KEV

High

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

MicrosoftEPSS 89.2%

CVE-2018-8406KEV

High

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

CVE-2016-0151KEV

High

The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

MicrosoftEPSS 44.1%

CVE-2021-38646KEV

High

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

MicrosoftEPSS 42.7%

CVE-2017-0037KEV

High

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

MicrosoftEPSS 90.8%

CVE-2018-8405KEV

High

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

CVE-2016-0040KEV

High

The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

MicrosoftEPSS 78.9%

CVE-2017-0213KEV

High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

MicrosoftEPSS 92.7%

CVE-2017-0059KEV

High

Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

MicrosoftEPSS 85.0%

9 10 11 12 13 14 15