CVE ID: CVE-2020-1206
Assigner: microsoft
Date Published: 2020-06-09T19:43:23
Affected Products:
- Microsoft Windows 10 Version 1909 for 32-bit Systems:
- Microsoft Windows 10 Version 1909 for x64-based Systems:
- Microsoft Windows 10 Version 1909 for ARM64-based Systems:
- Microsoft Windows Server
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.
.
CVE ID: CVE-2017-11780
Assigner: microsoft
Date Published: 2017-10-10T00:00:00
Affected Products:
- Microsoft Corporation Server Message Block 1.0 (SMBv1): From (including) Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability".
.
CVE ID: CVE-2017-0021
Assigner: microsoft
Date Published: 2017-03-17T00:00:00
Affected Products:
- Microsoft Corporation Hyper-V vSMB: From (including) Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016
Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data
, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095. .
CVE ID: CVE-2010-0231
Assigner: microsoft
Date Published: 2010-02-10T18:00:00
Affected Products:
- n/a n/a: From (including) n/a
The SMB implementation in the Server service in Microsoft Windows 2000 SP4
, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values, " and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." .
CVE ID: CVE-2016-3225
Assigner: microsoft
Date Published: 2016-06-16T01:00:00
Affected Products:
- n/a n/a: From (including) n/a
The SMB server component in Microsoft Windows Vista SP2
, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability." .
CVE ID: CVE-2011-1268
Assigner: microsoft
Date Published: 2011-06-16T20:21:00
Affected Products:
- n/a n/a: From (including) n/a
The SMB client in Microsoft Windows XP SP2 and SP3
, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability." .
CVE ID: CVE-2008-4834
Assigner: microsoft
Date Published: 2009-01-14T22:00:00
Affected Products:
- n/a n/a: From (including) n/a
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4
, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability." .
CVE ID: CVE-2018-8175
Assigner: microsoft
Date Published: 2018-06-14T12:00:00
Affected Products:
- Microsoft Windows 10 Servers: From (including) version 1709 (Server Core Installation)
An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows 10.
.
CVE ID: CVE-2018-8335
Assigner: microsoft
Date Published: 2018-09-13T00:00:00
Affected Products:
- Microsoft Windows Server 2012 R2: From (including) (Server Core installation)
- Microsoft Windows RT 8.1: From (including) Windows RT 8.1
- Microsoft Windows Server 2012: From (including) (Server Core installation)
- Microsoft Windows Server 2016: From (including) (Server Core installation)
- Microsoft Windows 8.1: From (including) 32-bit systems, From (including) x64-based systems
- Microsoft Windows 10: From (including) 32-bit Systems, From (including) Version 1607 for 32-bit Systems, From (including) Version 1607 for x64-based Systems, From (including) Version 1703 for 32-bit Systems, From (including) Version 1703 for x64-based Systems, From (including) Version 1709 for 32-bit Systems, From (including) Version 1709 for x64-based Systems, From (including) Version 1803 for 32-bit Systems, From (including) Version 1803 for x64-based Systems, From (including) x64-based Systems
- Microsoft Windows 10 Servers: From (including) version 1709 (Server Core Installation), From (including) version 1803 (Server Core Installation)
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
.
CVE ID: CVE-2015-2474
Assigner: microsoft
Date Published: 2015-08-15T00:00:00
Affected Products:
- n/a n/a: From (including) n/a
Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action
, aka "Server Message Block Memory Corruption Vulnerability." .