Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_7
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2367 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-09 | CVE-2018-0824 | A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | Windows_10_1507, Windows_10_1607, Windows_10_1703, Windows_10_1709, Windows_10_1803, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_1709, Windows_server_1803, Windows_server_2008, Windows_server_2012, Windows_server_2016 | 8.8 | ||
| 2011-04-06 | CVE-2011-1652 | The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that... | Windows_7 | N/A | ||
| 2019-08-14 | CVE-2019-1148 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles... | Office, Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 5.5 | ||
| 2019-08-14 | CVE-2019-1164 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.8 | ||
| 2016-11-10 | CVE-2016-7255 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | Windows_10_1507, Windows_10_1511, Windows_10_1607, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_vista | 7.8 | ||
| 2019-04-09 | CVE-2019-0808 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797. | Windows_7, Windows_server_2008 | 7.8 | ||
| 2019-05-16 | CVE-2019-0708 | A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | Agile_controller\-Campus_firmware, Bh620_v2_firmware, Bh621_v2_firmware, Bh622_v2_firmware, Bh640_v2_firmware, Ch121_firmware, Ch140_firmware, Ch220_firmware, Ch221_firmware, Ch222_firmware, Ch240_firmware, Ch242_firmware, Ch242_v3_firmware, E6000_chassis_firmware, E6000_firmware, Elog_firmware, Espace_ecs_firmware, Gtsoftx3000_firmware, Oceanstor_18500_firmware, Oceanstor_18800_firmware, Oceanstor_18800f_firmware, Oceanstor_hvs85t_firmware, Oceanstor_hvs88t_firmware, Rh1288_v2_firmware, Rh1288a_v2_firmware, Rh2265_v2_firmware, Rh2268_v2_firmware, Rh2285_v2_firmware, Rh2285h_v2_firmware, Rh2288_v2_firmware, Rh2288a_v2_firmware, Rh2288e_v2_firmware, Rh2288h_v2_firmware, Rh2485_v2_firmware, Rh5885_v2_firmware, Rh5885_v3_firmware, Seco_vsm_firmware, Smc2\.0_firmware, Uma_firmware, X6000_firmware, X8000_firmware, Windows_7, Windows_server_2008, Aptio_firmware, Atellica_solution_firmware, Axiom_multix_m_firmware, Axiom_vertix_md_trauma_firmware, Axiom_vertix_solitaire_m_firmware, Centralink_firmware, Lantis_firmware, Mobilett_xp_digital_firmware, Multix_pro_acss_firmware, Multix_pro_acss_p_firmware, Multix_pro_firmware, Multix_pro_navy_firmware, Multix_pro_p_firmware, Multix_swing_firmware, Multix_top_acss_firmware, Multix_top_acss_p_firmware, Multix_top_firmware, Multix_top_p_firmware, Rapidpoint_500_firmware, Streamlab_firmware, Syngo_lab_process_manager, Vertix_solitaire_firmware, Viva_e_firmware, Viva_twin_firmware | 9.8 | ||
| 2010-01-21 | CVE-2010-0232 | The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to... | Windows_2000, Windows_7, Windows_xp | 7.8 | ||
| 2014-10-22 | CVE-2014-6352 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document. | Windows_7, Windows_8, Windows_8\.1, Windows_rt, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_vista | 7.8 | ||
| 2017-04-12 | CVE-2017-0199 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." | Office, Windows_7, Windows_server_2008, Windows_server_2012, Windows_vista, Intellispace_portal | 7.8 |