Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8127 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141.
|
|||||
| CVE-2018-8126 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2016 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
|
|||||
| CVE-2018-8125 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
|
|||||
| CVE-2018-8124 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166.
|
|||||
| CVE-2018-8123 | 1 Microsoft | 1 Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.
|
|||||
| CVE-2018-8122 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
|
|||||
| CVE-2018-8121 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.
|
|||||
| CVE-2018-8119 | 1 Microsoft | 3 C Software Development Kit, Csharp Software Development Kit, Java Software Development Kit | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
|
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.
|
|||||
| CVE-2018-8118 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.
|
|||||
| CVE-2018-8117 | 1 Microsoft | 1 Wireless Keyboard 850 | 2024-11-21 | 7.3 HIGH | 6.8 MEDIUM |
|
A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka "Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability." This affects Microsoft Wireless Keyboard 850.
|
|||||
| CVE-2018-8116 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2018-8115 | 1 Microsoft | 1 Windows Host Compute Service Shim | 2024-11-21 | 9.3 HIGH | 8.6 HIGH |
|
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.
|
|||||
| CVE-2018-8114 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
|
|||||
| CVE-2018-8113 | 1 Microsoft | 2 Internet Explorer, Windows 10 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
|
|||||
| CVE-2018-8112 | 1 Microsoft | 1 Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
|
|||||
| CVE-2018-8111 | 1 Microsoft | 2 Edge, Windows 10 | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236.
|
|||||
| CVE-2018-8110 | 1 Microsoft | 2 Edge, Windows 10 | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236.
|
|||||
| CVE-2018-8014 | 5 Apache, Canonical, Debian and 2 more | 9 Tomcat, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
|
|||||
| CVE-2018-7824 | 2 Microsoft, Schneider-electric | 3 Windows, Driver Suite, Modbus Serial Driver | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
|
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.
|
|||||
| CVE-2018-7719 | 2 Acrolinx, Microsoft | 2 Acrolinx Server, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
|
|||||
| CVE-2018-7449 | 2 Microsoft, Segger | 2 Windows, Embos\/ip Ftp Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
|
|||||
| CVE-2018-7250 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.
|
|||||
| CVE-2018-7249 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.
|
|||||
| CVE-2018-7212 | 2 Microsoft, Sinatrarb | 2 Windows, Sinatra | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.
|
|||||
| CVE-2018-7115 | 2 Hp, Microsoft | 2 Intelligent Management Center, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
|
|||||
| CVE-2018-6947 | 2 Microsoft, Nomachine | 4 Windows 10, Windows 7, Windows 8 and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
|
|||||
| CVE-2018-6757 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
|
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
|
|||||
| CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
|
|||||
| CVE-2018-6755 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.2 HIGH |
|
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
|
|||||
| CVE-2018-6690 | 2 Mcafee, Microsoft | 2 Application Change Control, Windows | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
|
|||||
| CVE-2018-6687 | 2 Mcafee, Microsoft | 2 Getsusp, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
|
|||||
| CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 4.6 MEDIUM | 7.4 HIGH |
|
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
|
|||||
| CVE-2018-6674 | 2 Mcafee, Microsoft | 2 Virusscan Enterprise, Windows | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
|
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
|
|||||
| CVE-2018-6664 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 6.5 MEDIUM | 5.8 MEDIUM |
|
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
|
|||||
| CVE-2018-6661 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
|
|||||
| CVE-2018-6634 | 3 Canonical, Microsoft, Parsecgaming | 3 Ubuntu Linux, Windows, Parsec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.
|
|||||
| CVE-2018-6516 | 2 Microsoft, Puppet | 2 Windows, Puppet Enterprise Client Tools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.
|
|||||
| CVE-2018-6515 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
|
|||||
| CVE-2018-6514 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.
|
|||||
| CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.
|
|||||