Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0073 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 7.2 HIGH N/A
The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability."
CVE-2015-0069 1 Microsoft 1 Internet Explorer 2026-06-17 4.3 MEDIUM N/A
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
CVE-2015-0062 1 Microsoft 7 Windows 7, Windows 8, Windows 8.1 and 4 more 2026-06-17 7.2 HIGH N/A
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability."
CVE-2015-0059 1 Microsoft 7 Windows 7, Windows 8, Windows 8.1 and 4 more 2026-06-17 6.9 MEDIUM N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability."
CVE-2015-0057 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
CVE-2015-0055 1 Microsoft 1 Internet Explorer 2026-06-17 4.3 MEDIUM N/A
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2015-0054 1 Microsoft 1 Internet Explorer 2026-06-17 4.3 MEDIUM N/A
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2015-0051 1 Microsoft 1 Internet Explorer 2026-06-17 4.3 MEDIUM N/A
Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
CVE-2015-0012 1 Microsoft 1 Virtual Machine Manager 2026-06-17 6.9 MEDIUM N/A
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability."
CVE-2015-0011 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 4.7 MEDIUM N/A
mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
CVE-2015-0006 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 6.1 MEDIUM N/A
The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."
CVE-2015-0004 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 7.2 HIGH N/A
The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."
CVE-2015-0002 1 Microsoft 7 Windows 7, Windows 8, Windows 8.1 and 4 more 2026-06-17 7.2 HIGH N/A
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."
CVE-2015-0001 1 Microsoft 5 Windows 8, Windows 8.1, Windows Rt and 2 more 2026-06-17 1.9 LOW N/A
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."
CVE-2014-9959 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.
CVE-2014-9958 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.
CVE-2014-9957 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.
CVE-2014-9956 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
CVE-2014-9955 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
CVE-2014-9954 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.