Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8861 | 1 Philips | 8 Brilliance Ct Big Bore, Brilliance Ct Big Bore Firmware, Brilliance 64 and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.7 HIGH |
|
Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.
|
|||||
| CVE-2018-8858 | 1 Vecna | 2 Vgo, Vgo Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.
|
|||||
| CVE-2018-8838 | 1 Yokogawa | 5 B\/m9000 Cs, B\/m9000 Vp, Centum Cs 3000 and 2 more | 2024-11-21 | 4.4 MEDIUM | 6.5 MEDIUM |
|
A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 ba ...
Show More |
|||||
| CVE-2018-8790 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM.
|
|||||
| CVE-2018-8768 | 1 Jupyter | 1 Notebook | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
|
|||||
| CVE-2018-8761 | 1 Yxcms | 1 Yxcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.
|
|||||
| CVE-2018-8753 | 1 Clavister | 1 Cos Core | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack.
|
|||||
| CVE-2018-8739 | 1 Keepsolid | 1 Vpn Unlimited | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
|
|||||
| CVE-2018-8736 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
|
|||||
| CVE-2018-8649 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 10, Windows Server 2019.
|
|||||
| CVE-2018-8638 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 10, Windows Server 2019.
|
|||||
| CVE-2018-8637 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
|
|||||
| CVE-2018-8636 | 1 Microsoft | 2 Excel, Office 365 Proplus | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8597.
|
|||||
| CVE-2018-8634 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft Text-To-Speech Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
|
|||||
| CVE-2018-8628 | 1 Microsoft | 9 Office, Office 365 Proplus, Office Compatibility Pack and 6 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.
|
|||||
| CVE-2018-8622 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621.
|
|||||
| CVE-2018-8621 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Server 2012 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622.
|
|||||
| CVE-2018-8604 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
|
|||||
| CVE-2018-8598 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627.
|
|||||
| CVE-2018-8597 | 1 Microsoft | 4 Excel, Office, Office 365 and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636.
|
|||||
| CVE-2018-8596 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595.
|
|||||
| CVE-2018-8595 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8596.
|
|||||
| CVE-2018-8592 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
|
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019.
|
|||||
| CVE-2018-8587 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.
|
|||||
| CVE-2018-8582 | 1 Microsoft | 4 Office 365 Proplus, Outlook, Outlook Rt and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
|
|||||
| CVE-2018-8579 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558.
|
|||||
| CVE-2018-8578 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
|
|||||
| CVE-2018-8577 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8574.
|
|||||
| CVE-2018-8576 | 1 Microsoft | 3 Office, Office 365 Proplus, Outlook | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582.
|
|||||
| CVE-2018-8575 | 1 Microsoft | 2 Office 365 Proplus, Project | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.
|
|||||
| CVE-2018-8574 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8577.
|
|||||
| CVE-2018-8573 | 1 Microsoft | 3 Office, Office 365 Proplus, Word | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.
|
|||||
| CVE-2018-8569 | 1 Microsoft | 1 Yammer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App.
|
|||||
| CVE-2018-8567 | 1 Microsoft | 3 Edge, Windows 10, Windows Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
|
|||||
| CVE-2018-8566 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
|
|||||
| CVE-2018-8564 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
|
|||||
| CVE-2018-8563 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.
|
|||||
| CVE-2018-8553 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.
|
|||||
| CVE-2018-8550 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8549 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
|
|||||