CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 71/121 • 14518 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14518 CVEs for this tag (all time). In the last 365 days, 1678 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-05-09
High

CVE-2018-8165

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerabilit…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8164

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows…

CVSS: 7.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2018-8141

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Window…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-8136

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wind…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-8134

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Wi…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2018-8132

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016,…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2018-8129

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016,…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2018-8127

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-8124

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows…

CVSS: 7.0 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-8120

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows…

CVSS: 7.0 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2018-0961

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Wi…

CVSS: 7.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0959

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Ex…

CVSS: 7.6 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-0958

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016,…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2018-0854

A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Window…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2018-0824

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." T…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2018-05-08
High

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, result…

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2018-05-04
High

CVE-2018-8861

Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Bril…

CVSS: 8.7 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2018-8853

Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk…

CVSS: 8.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2018-05-03
High

CVE-2018-10168

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administra…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2018-10167

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key…

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2018-10166

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submi…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2018-10165

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2018-10164

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2018-05-02
High

CVE-2018-8115

A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-10647

SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-10646

CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary ins…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-10645

Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applic…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-04-30
Critical

CVE-2018-1183

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions p…

CVSS: 9.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2018-04-26
High

CVE-2018-3855

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2018-3851

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Docum…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-3845

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2018-3844

In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-17543

Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Clie…

CVSS: 7.5 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
High

CVE-2017-14010

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Critical

CVE-2018-10381

TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbit…

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-04-25
High

CVE-2018-5226

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repos…

CVSS: 8.8 CWE: N/A View on NVD
2018-04-19
Medium

CVE-2018-1035

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 1…

CVSS: 5.3 CWE: N/A View on NVD
2018-04-18
High

CVE-2018-10204

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openv…

CVSS: 8.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-04-17
High

CVE-2018-10190

A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vul…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2018-04-16
High

CVE-2018-10172

7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2018-10170

NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary in…

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Critical

CVE-2018-10169

ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary i…

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2018-04-12
Medium

CVE-2018-8116

A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2018-1016

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affe…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-1015

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affe…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-1013

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affe…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-1012

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affe…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-1010

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affe…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-1009

An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Priv…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-1008

An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privile…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-1004

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7,…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-1003

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vuln…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-0976

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Pr…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2018-0975

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0974

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0973

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0972

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0971

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0970

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0969

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0968

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0967

A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows…

CVSS: 5.3 CWE: N/A View on NVD
Low

CVE-2018-0966

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Win…

CVSS: 3.3 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2018-0964

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V In…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2018-0963

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 201…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2018-0960

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0957

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V In…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-0956

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability."…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2018-0890

A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2018-0887

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
2018-04-10
Medium

CVE-2018-2406

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

CVSS: 5.3 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2018-04-06
Medium

CVE-2018-1271

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, imag…

CVSS: 5.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2018-04-04
High

CVE-2018-0986

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protect…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2018-04-03
Medium

CVE-2017-4028

Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee pr…

CVSS: 5.0 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
High

CVE-2018-4165

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4163

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4162

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4161

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-4146

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4144

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4130

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4129

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4128

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4127

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4125

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4122

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4121

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4120

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4119

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4118

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-4117

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-4114

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-4113

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 6.5 CWE: CWE-617 - Reachable Assertion View on NVD
High

CVE-2018-4101

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected.…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4096

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4088

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-7172

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-7165

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2017-2493

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue invol…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13885

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-13884

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-04-02
Medium

CVE-2018-6252

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2018-6251

NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of serv…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-6250

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of servic…

CVSS: 8.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2018-6248

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-6247

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible…

CVSS: 8.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2018-6661

DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2018-6660

Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the fil…

CVSS: 6.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2018-1038

The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privile…

CVSS: 7.8 CWE: N/A View on NVD
2018-03-30
Medium

CVE-2018-1234

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access b…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2018-03-29
High

CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5223

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permissi…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2018-03-27
High

CVE-2018-9054

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-9053

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-9052

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-9051

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-9050

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-9049

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-9048

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact b…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD