Windows 7
by Microsoft
CVEs (1,811)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1057 | Hig | 0.49 | 7.5 | 0.03 | Aug 14, 2019 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,… | ||
| CVE-2019-0909 | Hig | 0.49 | 7.5 | 0.04 | Jun 12, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by… | ||
| CVE-2018-8251 | Hig | 0.49 | 7.5 | 0.07 | Jun 14, 2018 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server… | ||
| CVE-2017-11788 | Hig | 0.49 | 7.5 | 0.08 | Nov 15, 2017 | Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially… | ||
| CVE-2017-8727 | Hig | 0.49 | 7.5 | 0.08 | Oct 13, 2017 | Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft… | ||
| CVE-2017-11772 | Hig | 0.49 | 7.5 | 0.08 | Oct 13, 2017 | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to… | ||
| CVE-2017-8633 | Hig | 0.49 | 7.5 | 0.04 | Aug 8, 2017 | Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error… | ||
| CVE-2017-8495 | Hig | 0.49 | 7.5 | 0.05 | Jul 11, 2017 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to… | ||
| CVE-2017-0214 | Hig | 0.49 | 7.0 | 0.03 | May 12, 2017 | Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly… | ||
| CVE-2017-0103 | Hig | 0.49 | 7.0 | 0.03 | Mar 17, 2017 | The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege… | ||
| CVE-2016-0169 | Med | 0.49 | 6.5 | 0.43 | May 11, 2016 | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics… | ||
| CVE-2016-0168 | Med | 0.49 | 6.5 | 0.43 | May 11, 2016 | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics… | ||
| CVE-2016-0018 | Hig | 0.49 | 7.3 | 0.14 | Jan 13, 2016 | Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | ||
| CVE-2011-1985 | Hig | 0.49 | 7.1 | 0.02 | Oct 12, 2011 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or… | ||
| CVE-2011-0029 | Hig | 0.49 | 7.4 | 0.07 | Mar 9, 2011 | Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote… | ||
| CVE-2022-30170 | Hig | 0.48 | 7.3 | 0.01 | Sep 13, 2022 | Windows Credential Roaming Service Elevation of Privilege Vulnerability | ||
| CVE-2022-35793 | Hig | 0.48 | 7.3 | 0.09 | Aug 9, 2022 | Windows Print Spooler Elevation of Privilege Vulnerability | ||
| CVE-2022-30209 | Hig | 0.48 | 7.4 | 0.02 | Jul 12, 2022 | Windows IIS Server Elevation of Privilege Vulnerability | ||
| CVE-2022-30203 | Hig | 0.48 | 7.4 | 0.01 | Jul 12, 2022 | Windows Boot Manager Security Feature Bypass Vulnerability | ||
| CVE-2022-22040 | Hig | 0.48 | 7.3 | 0.01 | Jul 12, 2022 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability |
- risk 0.49cvss 7.5epss 0.03
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,…
- risk 0.49cvss 7.5epss 0.04
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…
- risk 0.49cvss 7.5epss 0.07
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server…
- risk 0.49cvss 7.5epss 0.08
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially…
- risk 0.49cvss 7.5epss 0.08
Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft…
- risk 0.49cvss 7.5epss 0.08
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to…
- risk 0.49cvss 7.5epss 0.04
Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error…
- risk 0.49cvss 7.5epss 0.05
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to…
- risk 0.49cvss 7.0epss 0.03
Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly…
- risk 0.49cvss 7.0epss 0.03
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege…
- risk 0.49cvss 6.5epss 0.43
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics…
- risk 0.49cvss 6.5epss 0.43
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics…
- risk 0.49cvss 7.3epss 0.14
Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
- risk 0.49cvss 7.1epss 0.02
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or…
- risk 0.49cvss 7.4epss 0.07
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote…
- risk 0.48cvss 7.3epss 0.01
Windows Credential Roaming Service Elevation of Privilege Vulnerability
- risk 0.48cvss 7.3epss 0.09
Windows Print Spooler Elevation of Privilege Vulnerability
- risk 0.48cvss 7.4epss 0.02
Windows IIS Server Elevation of Privilege Vulnerability
- risk 0.48cvss 7.4epss 0.01
Windows Boot Manager Security Feature Bypass Vulnerability
- risk 0.48cvss 7.3epss 0.01
Internet Information Services Dynamic Compression Module Denial of Service Vulnerability
Page 44 of 91