Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
Max CVSS
1.9
EPSS Score
0.08%
Published
2002-12-31
Updated
2017-08-17
Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
Max CVSS
1.8
EPSS Score
0.25%
Published
2007-06-04
Updated
2012-11-06
Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.
Max CVSS
1.9
EPSS Score
0.05%
Published
2008-05-12
Updated
2017-08-08
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Max CVSS
1.9
EPSS Score
0.35%
Published
2008-09-03
Updated
2008-09-05
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
Max CVSS
1.7
EPSS Score
0.79%
Published
2012-05-09
Updated
2018-10-12
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."
Max CVSS
1.9
EPSS Score
0.05%
Published
2015-01-13
Updated
2018-10-12
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-02-11
Updated
2019-05-15
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability."
Max CVSS
1.9
EPSS Score
0.14%
Published
2015-05-13
Updated
2019-05-14
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability."
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-09-09
Updated
2019-05-14
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!